AWS Security ChangesHomeSearch

AWS AWSEC2 documentation change

Service: AWSEC2 · 2025-07-10 · Documentation low

File: AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md

Summary

Added multiple JSON section markers and formatting dividers (****) between policy examples

Security assessment

Changes appear to be formatting improvements rather than substantive security content modifications. The additions of JSON markers and section breaks help organize documentation but don't introduce new security policies or address vulnerabilities. No specific security vulnerabilities or mitigations are mentioned in the changes.

Diff

diff --git a/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md b/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md
index fdf6d7814..b41648b61 100644
--- a//AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md
+++ b//AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md
@@ -51,0 +52,6 @@ Users don't have permission to perform any actions on the resources (unless anot
+JSON
+    
+
+****
+    
+    
@@ -67,0 +75,6 @@ The following policy denies users permission to use all Amazon EC2 API actions u
+JSON
+    
+
+****
+    
+    
@@ -86,0 +101,6 @@ Alternatively, you can use the condition key `ec2:Region`, which is specific to
+JSON
+    
+
+****
+    
+    
@@ -120,0 +142,6 @@ The users don't have permission to use any other API actions (unless another sta
+JSON
+    
+
+****
+    
+    
@@ -152,0 +181,6 @@ The third statement allows users to terminate all instances in the US East (N. V
+JSON
+    
+
+****
+    
+    
@@ -169,2 +203,2 @@ The third statement allows users to terminate all instances in the US East (N. V
-            "arn:aws:ec2:us-east-1:account-id:instance/i-1234567890abcdef0",
-            "arn:aws:ec2:us-east-1:account-id:instance/i-0598c7d356eba48d7"
+            "arn:aws:ec2:us-east-1:account-id:instance/",
+            "arn:aws:ec2:us-east-1:account-id:instance/"
@@ -219,0 +255,6 @@ The following policy allows users to launch instances using only the specified A
+JSON
+    
+
+****
+    
+    
@@ -242,0 +285,6 @@ Alternatively, the following policy allows users to launch instances from all AM
+JSON
+    
+
+****
+    
+    
@@ -277,0 +327,6 @@ The following policy allows users to launch instances using only the `t2.micro`
+JSON
+    
+
+****
+    
+    
@@ -310,0 +367,6 @@ Alternatively, you can create a policy that denies users permissions to launch a
+JSON
+    
+
+****
+    
+    
@@ -346,0 +410,6 @@ The following policy allows users to launch instances using only the specified s
+JSON
+    
+
+****
+    
+    
@@ -368,0 +439,6 @@ Alternatively, you could create a policy that denies users permissions to launch
+JSON
+    
+
+****
+    
+    
@@ -404,0 +482,6 @@ The following policy allows users to launch instances only if the EBS volumes fo
+JSON
+    
+
+****
+    
+    
@@ -443,0 +528,6 @@ For more information, see [Grant permission to tag Amazon EC2 resources during c
+JSON
+    
+
+****
+    
+    
@@ -473,0 +565,6 @@ The following policy includes the `aws:RequestTag` condition key that requires u
+JSON
+    
+
+****
+    
+    
@@ -525,0 +624,6 @@ The following policy uses the `ForAnyValue` modifier on the `aws:TagKeys` condit
+JSON
+    
+
+****
+    
+    
@@ -576,0 +682,6 @@ In the following policy, users do not have to specify tags in the request, but i
+JSON
+    
+
+****
+    
+    
@@ -608,0 +721,6 @@ To disallow anyone called tag on create for RunInstances
+JSON
+    
+
+****
+    
+    
@@ -678,0 +798,6 @@ In the following example, users can launch instances, but only if they use a spe
+JSON
+    
+
+****
+    
+    
@@ -716,0 +843,6 @@ The `ec2:ElasticGpuType` condition key ensures that instances use either the `eg
+JSON
+    
+
+****
+    
+    
@@ -758,0 +892,6 @@ In the following example, users can launch instances, but only if they use a spe
+JSON
+    
+
+****
+    
+    
@@ -777,0 +918,6 @@ In this example, users can launch instances only if they use a launch template.
+JSON
+    
+
+****
+    
+    
@@ -799,0 +947,6 @@ The following example policy allows user to launch instances, but only if they u
+JSON
+    
+
+****
+    
+    
@@ -833,0 +988,6 @@ The following example allows users to launch instances only if they use a launch
+JSON
+    
+
+****
+    
+    
@@ -897,0 +1059,6 @@ To use RunInstances to create Spot Instance requests, you can omit `spot-instanc
+JSON
+    
+
+****
+    
+    
@@ -929,0 +1098,6 @@ The following policy is meant to give users the permission to launch On-Demand I
+JSON
+    
+
+****
+    
+    
@@ -966,0 +1142,6 @@ If you tag a Spot Instance request on create, Amazon EC2 evaluates the `spot-ins
+JSON
+    
+
+****
+    
+    
@@ -1002,0 +1185,6 @@ The first statement allows RunInstances to create the listed resources. The `spo
+JSON
+    
+
+****
+    
+    
@@ -1046,0 +1236,6 @@ Note that specifying another tag other than `environment=production` results in
+JSON