AWS prescriptive-guidance documentation change
Summary
Removed IAM policy enforcing IP restrictions for role assumption
Security assessment
Deleted network security example without evidence of addressing a specific vulnerability
Diff
diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md b/prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md index db604199b..18d362fc3 100644 --- a//prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md +++ b//prescriptive-guidance/latest/privacy-reference-architecture/require-access-from-specific-ip-addresses.md @@ -13,28 +12,0 @@ This policy allows the `john_stiles` user to assume IAM roles only if the call i - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::account-id:user/john_stiles" - }, - "Action": "sts:AssumeRole" - }, - { - "Effect": "Deny", - "Principal": { - "AWS": "arn:aws:iam::account-id:user/john_stiles" - }, - "Action": "sts:AssumeRole", - "Condition": { - "NotIpAddress": { - "aws:SourceIp": [ - "192.0.2.0/24", - "203.0.113.0/24" - ] - } - } - } - ] - } -