AWS AmazonRDS documentation change
Summary
Updated IAM policy JSON structure with explicit Sid, corrected Principal service name, and added Resource ARN
Security assessment
Improves IAM policy documentation clarity but doesn't address a specific security vulnerability. The Resource ARN example helps prevent over-permissive policies, which is a security best practice.
Diff
diff --git a/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.md b/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.md index cf044cccb..28b94bc01 100644 --- a//AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.md +++ b//AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.md @@ -184,2 +184,3 @@ JSON - "Statement": - [{ + "Statement": [ + { + "Sid": "AssumeRoleForBackup", @@ -187,3 +188,7 @@ JSON - "Principal": {"Service": ""}, - "Action": "sts:AssumeRole" - }] + "Principal": { + "Service": "rds.amazonaws.com" + }, + "Action": "sts:AssumeRole", + "Resource": "arn:aws:rds:123456789012:db:db-identifier" + } + ] @@ -206,2 +212 @@ JSON - "Statement": - [ + "Statement": [ @@ -212 +217 @@ JSON - "Resource":"arn:aws:iam::iam_user_id:role/S3Access" + "Resource": "arn:aws:iam::111122223333:role/S3Access"