AWS IAM medium security documentation change
Summary
Modified resource ARN format in policy examples and added JSON formatting elements
Security assessment
Changed 'account-ID-without-hyphens' to empty account placeholder (:::) in ARNs, potentially introducing misconfiguration risks if users copy invalid resource identifiers
Diff
diff --git a/IAM/latest/UserGuide/tutorial_attribute-based-access-control.md b/IAM/latest/UserGuide/tutorial_attribute-based-access-control.md index 519ea26ac..85922b25a 100644 --- a//IAM/latest/UserGuide/tutorial_attribute-based-access-control.md +++ b//IAM/latest/UserGuide/tutorial_attribute-based-access-control.md @@ -118,0 +119,6 @@ To use this policy, replace the _italicized placeholder text_ with your account +JSON + + +**** + + @@ -126 +132 @@ To use this policy, replace the _italicized placeholder text_ with your account - "Resource": "arn:aws:iam::account-ID-without-hyphens:role/access-*", + "Resource": "arn:aws:iam:::role/access-*", @@ -174,0 +182,6 @@ The following policy allows principals to create, read, edit, and delete resourc +JSON + + +**** + + @@ -439,0 +454,6 @@ To use this policy, replace the _italicized placeholder text_ with your account +JSON + + +**** + + @@ -448,2 +468,2 @@ To use this policy, replace the _italicized placeholder text_ with your account - "arn:aws:iam::account-ID-without-hyphens:role/access-peg-engineering", - "arn:aws:iam::account-ID-without-hyphens:role/access-cen-engineering" + "arn:aws:iam:::role/access-peg-engineering", + "arn:aws:iam:::role/access-cen-engineering"