AWS Security ChangesHomeSearch

AWS systems-manager documentation change

Service: systems-manager · 2025-07-16 · Documentation low

File: systems-manager/latest/userguide/session-manager-restrict-command-access.md

Summary

Updated example policy ARNs to use generic resource patterns and added JSON formatting markers

Security assessment

Changes demonstrate security best practices by using generic resource ARNs in examples rather than specific instance IDs, but this is a documentation hygiene improvement rather than addressing a specific security issue. No new security features or vulnerabilities are documented.

Diff

diff --git a/systems-manager/latest/userguide/session-manager-restrict-command-access.md b/systems-manager/latest/userguide/session-manager-restrict-command-access.md
index 6c3d49647..82b83a309 100644
--- a//systems-manager/latest/userguide/session-manager-restrict-command-access.md
+++ b//systems-manager/latest/userguide/session-manager-restrict-command-access.md
@@ -304,0 +305,6 @@ You can create IAM policies that allow users to access only the `Session` docume
+JSON
+    
+
+****
+    
+    
@@ -313,2 +319,2 @@ You can create IAM policies that allow users to access only the `Session` docume
-                "arn:aws:ec2:region:987654321098:instance/i-02573cafcfEXAMPLE",
-                "arn:aws:ssm:region:987654321098:document/exampleAllowedSessionDocument"
+                "arn:aws:ec2:region::instance/",
+                "arn:aws:ssm:region::document/exampleAllowedSessionDocument"
@@ -327,0 +335,6 @@ You can create IAM policies that allow users to access only the `Session` docume
+JSON
+    
+
+****
+    
+    
@@ -336,2 +349,2 @@ You can create IAM policies that allow users to access only the `Session` docume
-                "arn:aws:ec2:us-west-2:987654321098:instance/*",
-                "arn:aws:ssm:us-west-2:987654321098:document/exampleAllowedSessionDocument"
+                "arn:aws:ec2:us-west-2::instance/*",
+                "arn:aws:ssm:us-west-2::document/exampleAllowedSessionDocument"
@@ -350,0 +365,6 @@ You can create IAM policies that allow users to access only the `Session` docume
+JSON
+    
+
+****
+    
+    
@@ -359,3 +379,3 @@ You can create IAM policies that allow users to access only the `Session` docume
-                "arn:aws:ec2:us-west-2:987654321098:instance/*",
-                "arn:aws:ssm:us-west-2:987654321098:document/exampleAllowedSessionDocument",
-                "arn:aws:ssm:us-west-2:987654321098:document/exampleAllowedSessionDocument2"
+                "arn:aws:ec2:us-west-2::instance/*",
+                "arn:aws:ssm:us-west-2::document/exampleAllowedSessionDocument",
+                "arn:aws:ssm:us-west-2::document/exampleAllowedSessionDocument2"