AWS audit-manager documentation change
Summary
Restructured policy examples by renaming Example 3 to focus on evidence finder permissions, removing export destination example, and renumbering subsequent examples. Added documentation for enabling/disabling evidence finder permissions.
Security assessment
The changes reorganize and emphasize permissions related to evidence finder (a security auditing feature), but there's no indication of addressing a specific vulnerability. The removal of export destination permissions example suggests documentation restructuring rather than security remediation.
Diff
diff --git a/audit-manager/latest/userguide/security_iam_id-based-policy-examples.md b/audit-manager/latest/userguide/security_iam_id-based-policy-examples.md index 27495e89a..9565b0f42 100644 --- a//audit-manager/latest/userguide/security_iam_id-based-policy-examples.md +++ b//audit-manager/latest/userguide/security_iam_id-based-policy-examples.md @@ -27 +27 @@ For details about actions and resource types defined by AWS Audit Manager, inclu - * [Example 3 (Export destination permissions)](./security_iam_id-based-policy-examples.html#full-administrator-access-export-destination) + * [Example 3 (Permissions to enable evidence finder)](./security_iam_id-based-policy-examples.html#full-administrator-access-enable-evidence-finder) @@ -29,3 +29 @@ For details about actions and resource types defined by AWS Audit Manager, inclu - * [Example 4 (Permissions to enable evidence finder)](./security_iam_id-based-policy-examples.html#full-administrator-access-enable-evidence-finder) - - * [Example 5 (Permissions to disable evidence finder)](./security_iam_id-based-policy-examples.html#full-administrator-access-disable-evidence-finder) + * [Example 4 (Permissions to disable evidence finder)](./security_iam_id-based-policy-examples.html#full-administrator-access-disable-evidence-finder) @@ -146,3 +144 @@ The following example policies grant full administrator access to AWS Audit Mana - * Example 3 (Export destination permissions) - - * Example 4 (Permissions to enable evidence finder) + * Example 3 (Permissions to enable evidence finder) @@ -150 +146 @@ The following example policies grant full administrator access to AWS Audit Mana - * Example 5 (Permissions to disable evidence finder) + * Example 4 (Permissions to disable evidence finder) @@ -198,77 +194 @@ Replace the `placeholder text` with your own information. Include the S3 bucket -### Example 3 (Export destination permissions) - -The following policy allows CloudTrail to deliver evidence finder query results to the specified S3 bucket. As a security best practice, the IAM global condition key `aws:SourceArn` helps ensure that CloudTrail writes to the S3 bucket only for the event data store. - -Replace the `placeholder text` with your own information, as follows: - - * Replace `amzn-s3-demo-destination-bucket` with the S3 bucket that you use as your export destination. - - * Replace `myQueryRunningRegion` with the appropriate AWS Region for your configuration. - - * Replace `myAccountID` with the AWS account ID that's used for CloudTrail. This might not be the same as the AWS account ID for the S3 bucket. If this is an organization event data store, you must use the AWS account for the management account. - - - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": [ - "s3:PutObject*", - "s3:Abort*" - ], - "Resource": [ - "arn:aws:s3:::amzn-s3-demo-destination-bucket", - "arn:aws:s3:::amzn-s3-demo-destination-bucket/*" - ], - "Condition": { - "StringEquals": { - "AWS:SourceArn": "arn:aws:cloudtrail:myQueryRunningRegion:myAccountID:eventdatastore/*" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": "s3:GetBucketAcl", - "Resource": "arn:aws:s3:::amzn-s3-demo-destination-bucket", - "Condition": { - "StringEquals": { - "AWS:SourceArn": "arn:aws:cloudtrail:myQueryRunningRegion:myAccountID:eventdatastore/*" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "Service": "cloudtrail.amazonaws.com" - }, - "Action": [ - "kms:Decrypt*", - "kms:GenerateDataKey*" - ], - "Resource": "*" - }, - { - "Effect": "Allow", - "Principal": { - "Service": "s3.amazonaws.com" - }, - "Action": [ - "kms:Decrypt*", - "kms:GenerateDataKey*" - ], - "Resource": "*" - } - ] - } - -### Example 4 (Permissions to enable evidence finder) +### Example 3 (Permissions to enable evidence finder) @@ -304 +224 @@ The following permission policy is required if you want to enable and use the ev -### Example 5 (Permissions to disable evidence finder) +### Example 4 (Permissions to disable evidence finder) @@ -628 +548 @@ Before using this policy, replace the `placeholder text` with your own informati - } + },