AWS systems-manager documentation change
Summary
Added JSON formatting blocks and modified parameter ARNs by removing account IDs in resource examples
Security assessment
Changes involve formatting improvements (adding JSON sections) and updating ARN examples to remove account IDs. While ARN format corrections prevent potential misconfigurations, there's no explicit evidence of addressing a security vulnerability.
Diff
diff --git a/systems-manager/latest/userguide/sysman-paramstore-access.md b/systems-manager/latest/userguide/sysman-paramstore-access.md index 81d2ef62f..a9ac85baf 100644 --- a//systems-manager/latest/userguide/sysman-paramstore-access.md +++ b//systems-manager/latest/userguide/sysman-paramstore-access.md @@ -31,0 +32,6 @@ When using IAM policies to restrict access to Systems Manager parameters, we rec +JSON + + +**** + + @@ -59,0 +67,6 @@ For trusted administrators, you can provide access to all Systems Manager parame +JSON + + +**** + + @@ -75 +88 @@ For trusted administrators, you can provide access to all Systems Manager parame - "Resource": "arn:aws:ssm:us-east-2:123456789012:parameter/dbserver-prod-*" + "Resource": "arn:aws:ssm:us-east-2::parameter/dbserver-prod-*" @@ -94,0 +109,6 @@ If you want all API operations retrieving parameter values to have the same beha +JSON + + +**** + + @@ -110,0 +132,6 @@ The following example shows how to deny some commands while allowing the user to +JSON + + +**** + + @@ -133 +160 @@ The following example shows how to deny some commands while allowing the user to - "Resource": "arn:aws:ssm:us-east-2:123456789012:parameter/prod-*" + "Resource": "arn:aws:ssm:us-east-2::parameter/prod-*" @@ -158,0 +187,6 @@ Instance policies, like in the following example, are assigned to the instance r +JSON + + +**** + + @@ -169 +203 @@ Instance policies, like in the following example, are assigned to the instance r - "arn:aws:ssm:us-east-2:123456789012:parameter/prod-*" + "arn:aws:ssm:us-east-2::parameter/prod-*" @@ -178 +212 @@ Instance policies, like in the following example, are assigned to the instance r - "arn:aws:kms:us-east-2:123456789012:key/4914ec06-e888-4ea5-a371-5b88eEXAMPLE" + "arn:aws:kms:us-east-2::key/4914ec06-e888-4ea5-a371-5b88eEXAMPLE" @@ -189,0 +225,6 @@ When using a customer managed key, the IAM policy that grants a user access to a +JSON + + +**** + + @@ -210 +251 @@ When using a customer managed key, the IAM policy that grants a user access to a - "kms:GenerateDataKey"  + "kms:GenerateDataKey" @@ -226,0 +269,6 @@ You can locate the Amazon Resource Name (ARN) of the default key in the AWS KMS +JSON + + +**** + +