AWS resource-explorer medium security documentation change
Summary
Modified IAM policy examples with incomplete action names and resource ARNs
Security assessment
Policy examples now contain invalid actions (e.g., ':Search' instead of 'resource-explorer-2:Search') and incomplete resource ARNs, which could lead to insecure IAM configurations if followed
Diff
diff --git a/resource-explorer/latest/userguide/configure-views-share.md b/resource-explorer/latest/userguide/configure-views-share.md index a9c607eab..b784629a4 100644 --- a//resource-explorer/latest/userguide/configure-views-share.md +++ b//resource-explorer/latest/userguide/configure-views-share.md @@ -34,0 +35,6 @@ The following example policy shows how you can make a view available to the prin +JSON + + +**** + + @@ -48 +54 @@ The following example policy shows how you can make a view available to the prin - "Resource": "arn:aws:resource-explorer-2:us-east-1:123456789012:view/policy-name/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111", + "Resource": "arn:aws:resource-explorer-2:us-east-1:123456789012:view/policy-name/", @@ -58,0 +66,6 @@ The administrator in each of the specified accounts must now specify which roles +JSON + + +**** + + @@ -66,3 +79,3 @@ The administrator in each of the specified accounts must now specify which roles - "resource-explorer-2:Search", - "resource-explorer-2:GetView", - "Resource": "arn:aws:resource-explorer-2:us-east-1:123456789012:view/policy-name/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111" + ":Search", + ":GetView", + "Resource": "arn:aws:resource-explorer-2:us-east-1:123456789012:view/policy-name/"