AWS apprunner high security documentation change
Summary
Modified IAM trust policy service principals (e.g., 'build..amazonaws.com') and added JSON section breaks
Security assessment
Changes to trust policies (e.g., incomplete service principal 'build..amazonaws.com') could indicate a security fix for improper service permissions. However, the typographical errors suggest potential documentation errors that might weaken security if followed.
Diff
diff --git a/apprunner/latest/dg/security_iam_service-with-iam.md b/apprunner/latest/dg/security_iam_service-with-iam.md index b2463aa68..352de3d06 100644 --- a//apprunner/latest/dg/security_iam_service-with-iam.md +++ b//apprunner/latest/dg/security_iam_service-with-iam.md @@ -140,0 +141,6 @@ For examples of user policies, see [User policies](./security_iam_id-based-polic +JSON + + +**** + + @@ -148,2 +154,2 @@ For examples of user policies, see [User policies](./security_iam_id-based-polic - "apprunner:List*", - "apprunner:Describe*" + ":List*", + ":Describe*" @@ -214,0 +222,6 @@ The access role is a role that App Runner uses for accessing images in Amazon El +JSON + + +**** + + @@ -238,0 +253,6 @@ When you create your access role, be sure to add a trust policy that declares th +JSON + + +**** + + @@ -246 +266 @@ When you create your access role, be sure to add a trust policy that declares th - "Service": "build.apprunner.amazonaws.com" + "Service": "build..amazonaws.com" @@ -262,0 +284,6 @@ When you create your instance role, be sure to add a trust policy that declares +JSON + + +**** + + @@ -270 +297 @@ When you create your instance role, be sure to add a trust policy that declares - "Service": "tasks.apprunner.amazonaws.com" + "Service": "tasks..amazonaws.com"