AWS appsync medium security documentation change
Summary
Formatted CloudFront policy actions and specified ACM certificate region
Security assessment
Hardcoded 'us-east-1' in ACM ARN ensures correct certificate region usage, preventing misconfiguration.
Diff
diff --git a/appsync/latest/eventapi/event-api-custom-domains.md b/appsync/latest/eventapi/event-api-custom-domains.md index 31537a1dd..00ac4e07f 100644 --- a//appsync/latest/eventapi/event-api-custom-domains.md +++ b//appsync/latest/eventapi/event-api-custom-domains.md @@ -64,2 +64,6 @@ JSON - "Action": ["cloudfront:updateDistribution"], - "Resource": ["*"] + "Action": [ + "cloudfront:updateDistribution" + ], + "Resource": [ + "*" + ] @@ -71 +75 @@ JSON - "Resource": "arn:aws:acm:Region:account-id:certificate/certificate_ID" + "Resource": "arn:aws:acm:us-east-1:account-id:certificate/certificate_ID"