AWS lambda documentation change
Summary
Removed detailed IAM policy examples and added JSON section breaks
Security assessment
Changes involve removing specific IAM policy examples and restructuring document formatting. No security-specific content was added or modified beyond general documentation cleanup.
Diff
diff --git a/lambda/latest/dg/permissions-user-function.md b/lambda/latest/dg/permissions-user-function.md index c758ac7a9..b4d067b63 100644 --- a//lambda/latest/dg/permissions-user-function.md +++ b//lambda/latest/dg/permissions-user-function.md @@ -16,0 +17,6 @@ The following shows an example of a permissions policy with limited scope. It al +JSON + + +**** + + @@ -24,13 +29,0 @@ The following shows an example of a permissions policy with limited scope. It al - "Action": [ - "lambda:GetAccountSettings", - "lambda:GetEventSourceMapping", - "lambda:GetFunction", - "lambda:GetFunctionConfiguration", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetFunctionConcurrency", - "lambda:ListEventSourceMappings", - "lambda:ListFunctions", - "lambda:ListTags", - "iam:ListRoles" - ], - "Resource": "*" @@ -41,5 +33,0 @@ The following shows an example of a permissions policy with limited scope. It al - "NotAction": [ - "lambda:AddPermission", - "lambda:PutFunctionConcurrency" - ], - "Resource": "arn:aws:lambda:*:*:function:intern-*" @@ -50,11 +37,0 @@ The following shows an example of a permissions policy with limited scope. It al - "Action": [ - "lambda:DeleteEventSourceMapping", - "lambda:UpdateEventSourceMapping", - "lambda:CreateEventSourceMapping" - ], - "Resource": "*", - "Condition": { - "StringLike": { - "lambda:FunctionArn": "arn:aws:lambda:*:*:function:intern-*" - } - } @@ -65,9 +41,0 @@ The following shows an example of a permissions policy with limited scope. It al - "Action": [ - "iam:ListRolePolicies", - "iam:ListAttachedRolePolicies", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:PassRole", - "iam:SimulatePrincipalPolicy" - ], - "Resource": "arn:aws:iam::*:role/intern-lambda-execution-role" @@ -78,4 +45,0 @@ The following shows an example of a permissions policy with limited scope. It al - "Action": [ - "logs:*" - ], - "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/intern-*"