AWS AWSEC2 documentation change
Summary
Updated SSM/KMS ARN examples with specific account/region identifiers
Security assessment
Improves example accuracy but does not modify security policies or address vulnerabilities.
Diff
diff --git a/AWSEC2/latest/UserGuide/ec2rw-ssm.md b/AWSEC2/latest/UserGuide/ec2rw-ssm.md index 31860906f..4e27fabfe 100644 --- a//AWSEC2/latest/UserGuide/ec2rw-ssm.md +++ b//AWSEC2/latest/UserGuide/ec2rw-ssm.md @@ -51 +51 @@ To run the **ResetAccess** action, your Amazon EC2 instance must have the a poli - "arn:aws:ssm:region:account_id:parameter/EC2Rescue/Passwords/<instanceid>" + "arn:aws:ssm:us-east-1:111122223333:parameter/EC2Rescue/Passwords/<instanceid>" @@ -69 +69 @@ If you are using a custom KMS key, not the default KMS key, use this policy inst - "arn:aws:ssm:region:account_id:parameter/EC2Rescue/Passwords/<instanceid>" + "arn:aws:ssm:us-east-1:111122223333:parameter/EC2Rescue/Passwords/<instanceid>" @@ -78 +78 @@ If you are using a custom KMS key, not the default KMS key, use this policy inst - "arn:aws:kms:region:account_id:key/<kmskeyid>" + "arn:aws:kms:us-east-1:111122223333:key/<kmskeyid>"