AWS Security ChangesHomeSearch

AWS lambda documentation change

Service: lambda · 2025-07-16 · Documentation low

File: lambda/latest/dg/permissions-user-function.md

Summary

Removed detailed IAM policy examples and added JSON section breaks

Security assessment

Changes involve removing specific IAM policy examples and restructuring document formatting. No security-specific content was added or modified beyond general documentation cleanup.

Diff

diff --git a/lambda/latest/dg/permissions-user-function.md b/lambda/latest/dg/permissions-user-function.md
index c758ac7a9..b4d067b63 100644
--- a//lambda/latest/dg/permissions-user-function.md
+++ b//lambda/latest/dg/permissions-user-function.md
@@ -16,0 +17,6 @@ The following shows an example of a permissions policy with limited scope. It al
+JSON
+    
+
+****
+    
+    
@@ -24,13 +29,0 @@ The following shows an example of a permissions policy with limited scope. It al
-                "Action": [
-                    "lambda:GetAccountSettings",
-                    "lambda:GetEventSourceMapping",
-                    "lambda:GetFunction",
-                    "lambda:GetFunctionConfiguration",           
-                    "lambda:GetFunctionCodeSigningConfig",
-                    "lambda:GetFunctionConcurrency",                
-                    "lambda:ListEventSourceMappings",
-                    "lambda:ListFunctions",      
-                    "lambda:ListTags",
-                    "iam:ListRoles"
-                ],
-                "Resource": "*"
@@ -41,5 +33,0 @@ The following shows an example of a permissions policy with limited scope. It al
-                "NotAction": [
-                    "lambda:AddPermission",
-                    "lambda:PutFunctionConcurrency"
-                ],
-                "Resource": "arn:aws:lambda:*:*:function:intern-*"
@@ -50,11 +37,0 @@ The following shows an example of a permissions policy with limited scope. It al
-                "Action": [
-                    "lambda:DeleteEventSourceMapping",
-                    "lambda:UpdateEventSourceMapping",
-                    "lambda:CreateEventSourceMapping"
-                ],
-                "Resource": "*",
-                "Condition": {
-                    "StringLike": {
-                        "lambda:FunctionArn": "arn:aws:lambda:*:*:function:intern-*"
-                    }
-                }
@@ -65,9 +41,0 @@ The following shows an example of a permissions policy with limited scope. It al
-                "Action": [
-                    "iam:ListRolePolicies",
-                    "iam:ListAttachedRolePolicies",
-                    "iam:GetRole",
-                    "iam:GetRolePolicy",
-                    "iam:PassRole",
-                    "iam:SimulatePrincipalPolicy"
-                ],
-                "Resource": "arn:aws:iam::*:role/intern-lambda-execution-role"
@@ -78,4 +45,0 @@ The following shows an example of a permissions policy with limited scope. It al
-                "Action": [
-                    "logs:*"
-                ],
-                "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/intern-*"