AWS Security ChangesHomeSearch

AWS AmazonECS high security documentation change

Service: AmazonECS · 2025-07-18 · Security-related high

File: AmazonECS/latest/developerguide/security_iam_id-based-policy-examples.md

Summary

Modified IAM policy examples with incorrect action prefixes and ARN formats, added JSON markers

Security assessment

Introduced policy syntax errors: Changed 'ecs:DescribeServices' to ':DescribeServices' (missing service prefix) and 'arn:aws:ecs:*:*:service/*' to invalid 'arn:aws::*:*:service/*'. These changes could lead to dangerous policy misconfigurations if followed by users.

Diff

diff --git a/AmazonECS/latest/developerguide/security_iam_id-based-policy-examples.md b/AmazonECS/latest/developerguide/security_iam_id-based-policy-examples.md
index 7af5c629d..fe4db1dc0 100644
--- a//AmazonECS/latest/developerguide/security_iam_id-based-policy-examples.md
+++ b//AmazonECS/latest/developerguide/security_iam_id-based-policy-examples.md
@@ -396,0 +397,6 @@ You can use conditions in your identity-based policy to control access to Amazon
+JSON
+    
+
+****
+    
+    
@@ -404 +410 @@ You can use conditions in your identity-based policy to control access to Amazon
-                "Action": "ecs:DescribeServices",
+                "Action": ":DescribeServices",
@@ -410,2 +416,2 @@ You can use conditions in your identity-based policy to control access to Amazon
-                "Action": "ecs:DescribeServices",
-                "Resource": "arn:aws:ecs:*:*:service/*",
+                "Action": ":DescribeServices",
+                "Resource": "arn:aws::*:*:service/*",
@@ -413 +419 @@ You can use conditions in your identity-based policy to control access to Amazon
-                    "StringEquals": {"ecs:ResourceTag/Owner": "${aws:username}"}
+                    "StringEquals": {":ResourceTag/Owner": "${aws:username}"}