AWS apigateway documentation change
Summary
Added JSON formatting blocks and modified IAM policy action/resource patterns
Security assessment
Enhances security documentation with policy examples but doesn't address specific vulnerabilities. Action change from 'apigateway:GET' to ':GET' and ARN pattern updates improve generality but lack explicit security context
Diff
diff --git a/apigateway/latest/developerguide/security_iam_id-based-policy-examples.md b/apigateway/latest/developerguide/security_iam_id-based-policy-examples.md index 71092ec1f..44347d378 100644 --- a//apigateway/latest/developerguide/security_iam_id-based-policy-examples.md +++ b//apigateway/latest/developerguide/security_iam_id-based-policy-examples.md @@ -96,0 +97,6 @@ This example policy gives a user permission to get information about all of the +JSON + + +**** + + @@ -104 +110 @@ This example policy gives a user permission to get information about all of the - "apigateway:GET" + ":GET" @@ -107 +113 @@ This example policy gives a user permission to get information about all of the - "arn:aws:apigateway:us-east-1::/apis/a123456789/*" + "arn:aws::::/apis/a123456789/*" @@ -116,0 +124,6 @@ This example policy allows a user to create APIs with only `REQUEST` or `JWT` au +JSON + + +**** + + @@ -154,0 +169,6 @@ Because the `apis/*` resource also captures sub resources such as authorizers or +JSON + + +**** + + @@ -199,0 +221,6 @@ We use the non-greedy matcher (`?`) to explicitly match against API IDs to preve +JSON + + +**** + + @@ -255,0 +284,6 @@ This policy causes attempts to create or update a route (including through [impo +JSON + + +**** + + @@ -300,0 +336,6 @@ This policy prevents a user from creating or updating a VPC link. A VPC link ena +JSON + + +**** + + @@ -328,0 +371,6 @@ This policy prevents a user from creating or updating a `BasePathMapping`, `ApiM +JSON + + +**** + + @@ -349,0 +399,6 @@ This policy allows a user to only update a routing rule to a priority between 10 +JSON + + +**** + + @@ -376,0 +433,6 @@ This policy allows a user to only update a base path mapping for any base path t +JSON + + +**** + + @@ -403,0 +467,6 @@ This policy allows a user to only update the routing mode to `API_MAPPING_ONLY` +JSON + + +**** + +