AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-07-10 · Documentation low

File: IAM/latest/UserGuide/reference_policies_condition-keys.md

Summary

Added JSON code block markers and section dividers in multiple policy examples

Security assessment

Changes appear to be formatting improvements for JSON policy examples. No security vulnerabilities or new security features are mentioned in the diff.

Diff

diff --git a/IAM/latest/UserGuide/reference_policies_condition-keys.md b/IAM/latest/UserGuide/reference_policies_condition-keys.md
index fad3bed31..8f26e80d7 100644
--- a//IAM/latest/UserGuide/reference_policies_condition-keys.md
+++ b//IAM/latest/UserGuide/reference_policies_condition-keys.md
@@ -119,0 +120,6 @@ In the following example, access is denied except to principals with the account
+JSON
+    
+
+****
+    
+    
@@ -216,0 +224,6 @@ For example, the following Amazon S3 bucket policy allows members of any account
+JSON
+    
+
+****
+    
+    
@@ -254,0 +269,6 @@ This example shows how you might create an identity-based policy that allows use
+JSON
+    
+
+****
+    
+    
@@ -292,0 +314,6 @@ In the following Amazon S3 bucket policy example, access to the bucket is restri
+JSON
+    
+
+****
+    
+    
@@ -341,0 +370,6 @@ In the following Amazon S3 bucket policy example, access to the bucket is restri
+JSON
+    
+
+****
+    
+    
@@ -445,0 +481,6 @@ In the following example, when used as a service control policy, denies the usag
+JSON
+    
+
+****
+    
+    
@@ -639,0 +682,6 @@ The following policy denies Amazon S3 put requests on the specified bucket for a
+JSON
+    
+
+****
+    
+    
@@ -676,0 +726,6 @@ This condition key is not available in EC2-Classic.
+JSON
+    
+
+****
+    
+    
@@ -727,0 +784,6 @@ The following example is a service control policy (SCP) that denies access to al
+JSON
+    
+
+****
+    
+    
@@ -787,0 +851,6 @@ The following role trust policy for `CriticalRole` in account `111122223333` con
+JSON
+    
+
+****
+    
+    
@@ -839,0 +910,6 @@ In the following example, access is denied if the ec2:RoleDelivery value in the
+JSON
+    
+
+****
+    
+    
@@ -951,0 +1029,6 @@ The following example allows one specific Lambda function to have `s3:PutObject`
+JSON
+    
+
+****
+    
+    
@@ -1028,0 +1113,6 @@ For example, you can attach the following identity-based policy to an IAM role.
+JSON
+    
+
+****
+    
+    
@@ -1048,0 +1140,6 @@ If you need to restrict access from networks that support both IPv4 and IPv6 add
+JSON
+    
+
+****
+    
+    
@@ -1096,0 +1195,6 @@ This policy does not allow any actions. Use this policy in combination with othe
+JSON
+    
+
+****
+    
+    
@@ -1273,0 +1379,6 @@ This policy does not allow any actions. Instead, it uses the `Deny` effect which
+JSON
+    
+
+****
+    
+    
@@ -1524,0 +1637,6 @@ This policy does not allow any actions. Instead, it uses the `Deny` effect which
+JSON
+    
+
+****
+    
+    
@@ -1602,0 +1722,6 @@ For example, the following policy allows managing the AWS KMS key named `my-exam
+JSON
+    
+
+****
+    
+    
@@ -1628,0 +1755,6 @@ If you want to enforce which service makes the first or last call in the chain,
+JSON
+    
+
+****
+    
+    
@@ -1773,0 +1907,6 @@ You can use this context key to limit access to AWS services within a given set
+JSON
+    
+
+****
+    
+    
@@ -1833,0 +1974,6 @@ This example shows that while the key is single-valued, you can still use multip
+JSON
+    
+
+****
+    
+    
@@ -1927,0 +2075,6 @@ You can use this condition key to help ensure that a calling service can access
+JSON
+    
+
+****
+    
+    
@@ -2002,0 +2157,6 @@ You can use this condition key to help ensure that a calling service can access
+JSON
+    
+
+****
+    
+