AWS Security ChangesHomeSearch

AWS datazone documentation change

Service: datazone · 2025-07-18 · Documentation low

File: datazone/latest/userguide/security-iam-awsmanpol-AmazonDataZoneRedshiftManageAccessRolePolicy.md

Summary

Replaced detailed inline IAM policy JSON with a reference link to AWS Managed Policy documentation

Security assessment

The change removes explicit policy details and directs users to managed policy reference. While IAM policies are security-related, there's no evidence this change addresses a specific security vulnerability. It appears to be a documentation simplification rather than a security fix. The policy remains focused on Redshift data access permissions which are security features.

Diff

diff --git a/datazone/latest/userguide/security-iam-awsmanpol-AmazonDataZoneRedshiftManageAccessRolePolicy.md b/datazone/latest/userguide/security-iam-awsmanpol-AmazonDataZoneRedshiftManageAccessRolePolicy.md
index 4579291b9..c58ddbed9 100644
--- a//datazone/latest/userguide/security-iam-awsmanpol-AmazonDataZoneRedshiftManageAccessRolePolicy.md
+++ b//datazone/latest/userguide/security-iam-awsmanpol-AmazonDataZoneRedshiftManageAccessRolePolicy.md
@@ -9,92 +9 @@ This policy gives Amazon DataZone permissions to publish Amazon Redshift data to
-    
-    {
-    	"Version": "2012-10-17",
-    	"Statement": [
-    		{
-    			"Sid": "redshiftDataScopeDownPermissions",
-    			"Effect": "Allow",
-    			"Action": [
-    				"redshift-data:BatchExecuteStatement",
-    				"redshift-data:DescribeTable",
-    				"redshift-data:ExecuteStatement",
-    				"redshift-data:ListTables",
-    				"redshift-data:ListSchemas",
-    				"redshift-data:ListDatabases"
-    			],
-    			"Resource": [
-    				"arn:aws:redshift-serverless:*:*:workgroup/*",
-    				"arn:aws:redshift:*:*:cluster:*"
-    			],
-    			"Condition": {
-    				"StringEquals": {
-    					"aws:ResourceAccount": "${aws:PrincipalAccount}"
-    				}
-    			}
-    		},
-    		{
-    			"Sid": "listSecretsPermission",
-    			"Effect": "Allow",
-    			"Action": "secretsmanager:ListSecrets",
-    			"Resource": "*"
-    		},
-    		{
-    			"Sid": "getWorkgroupPermission",
-    			"Effect": "Allow",
-    			"Action": "redshift-serverless:GetWorkgroup",
-    			"Resource": [
-    				"arn:aws:redshift-serverless:*:*:workgroup/*"
-    			],
-    			"Condition": {
-    				"StringEquals": {
-    					"aws:ResourceAccount": "${aws:PrincipalAccount}"
-    				}
-    			}
-    		},
-    		{
-    			"Sid": "getNamespacePermission",
-    			"Effect": "Allow",
-    			"Action": "redshift-serverless:GetNamespace",
-    			"Resource": [
-    				"arn:aws:redshift-serverless:*:*:namespace/*"
-    			],
-    			"Condition": {
-    				"StringEquals": {
-    					"aws:ResourceAccount": "${aws:PrincipalAccount}"
-    				}
-    			}
-    		},
-    		{
-    			"Sid": "redshiftDataPermissions",
-    			"Effect": "Allow",
-    			"Action": [
-    				"redshift-data:DescribeStatement",
-    				"redshift-data:GetStatementResult",
-    				"redshift:DescribeClusters"
-    			],
-    			"Resource": "*"
-    		},
-    		{
-    			"Sid": "dataSharesPermissions",
-    			"Effect": "Allow",
-    			"Action": [
-    				"redshift:AuthorizeDataShare",
-    				"redshift:DescribeDataShares"
-    			],
-    			"Resource": [
-    				"arn:aws:redshift:*:*:datashare:*/datazone*"
-    			],
-    			"Condition": {
-    				"StringEquals": {
-    					"aws:ResourceAccount": "${aws:PrincipalAccount}"
-    				}
-    			}
-    		},
-    		{
-    			"Sid": "associateDataShareConsumerPermission",
-    			"Effect": "Allow",
-    			"Action": "redshift:AssociateDataShareConsumer",
-    			"Resource": "arn:aws:redshift:*:*:datashare:*/datazone*"
-    		}
-    	]
-    }
-                
+To view the permissions for this policy, see [AmazonDataZoneRedshiftManageAccessRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonDataZoneRedshiftManageAccessRolePolicy.html) in the _AWS Managed Policy Reference_.