AWS iot-sitewise medium security documentation change
Summary
Modified IAM policy examples: changed resource paths, removed service prefixes in actions, and added JSON formatting
Security assessment
The change replaces specific resource ARNs with root path ('/') and removes 'iotsitewise:' service prefixes in actions, which could lead to overly permissive policies or invalid syntax if followed literally. This addresses potential misconfigurations in security policies.
Diff
diff --git a/iot-sitewise/latest/userguide/security_iam_id-based-policy-examples.md b/iot-sitewise/latest/userguide/security_iam_id-based-policy-examples.md index 9d6f8c247..552a13fde 100644 --- a//iot-sitewise/latest/userguide/security_iam_id-based-policy-examples.md +++ b//iot-sitewise/latest/userguide/security_iam_id-based-policy-examples.md @@ -103,0 +104,6 @@ In this example, you want to grant a user in your AWS account access to write da +JSON + + +**** + + @@ -116,2 +122,2 @@ In this example, you want to grant a user in your AWS account access to write da - "/a1b2c3d4-5678-90ab-cdef-22222EXAMPLE", - "/a1b2c3d4-5678-90ab-cdef-22222EXAMPLE/*" + "/", + "//*" @@ -128,0 +136,6 @@ Use conditions in your identity-based policy to control access to AWS IoT SiteWi +JSON + + +**** + + @@ -137,2 +150,2 @@ Use conditions in your identity-based policy to control access to AWS IoT SiteWi - "iotsitewise:ListAssets", - "iotsitewise:ListAssociatedAssets" + ":ListAssets", + ":ListAssociatedAssets" @@ -145,2 +158,2 @@ Use conditions in your identity-based policy to control access to AWS IoT SiteWi - "Action": "iotsitewise:DescribeAsset", - "Resource": "arn:aws:iotsitewise:*:*:asset/*", + "Action": ":DescribeAsset", + "Resource": "arn:aws::*:*:asset/*",