AWS appsync medium security documentation change
Summary
Updated Elasticsearch ARNs with 'us-east-1' region and specific account IDs
Security assessment
Regional and account-specific ARNs prevent misconfigured resource access in IAM policies.
Diff
diff --git a/appsync/latest/devguide/tutorial-elasticsearch-resolvers-js.md b/appsync/latest/devguide/tutorial-elasticsearch-resolvers-js.md index 56b8c774e..6410481f1 100644 --- a//appsync/latest/devguide/tutorial-elasticsearch-resolvers-js.md +++ b//appsync/latest/devguide/tutorial-elasticsearch-resolvers-js.md @@ -52 +52 @@ JSON - "arn:aws:es:REGION:ACCOUNTNUMBER:domain/democluster/*" + "arn:aws:es:us-east-1:ACCOUNTNUMBER:domain/democluster/*" @@ -97 +97 @@ JSON - "AWS": "arn:aws:iam::ACCOUNTNUMBER:role/service-role/APPSYNC_DATASOURCE_ROLE" + "AWS": "arn:aws:iam::111122223333:role/service-role/APPSYNC_DATASOURCE_ROLE" @@ -106 +106 @@ JSON - "Resource": "arn:aws:es:REGION:ACCOUNTNUMBER:domain/DOMAIN_NAME/*" + "Resource": "arn:aws:es:us-east-1:ACCOUNTNUMBER:domain/DOMAIN_NAME/*"