AWS Security ChangesHomeSearch

AWS devicefarm documentation change

Service: devicefarm · 2025-07-25 · Documentation medium

File: devicefarm/latest/developerguide/security_iam_id-based-policy-examples.md

Summary

Multiple policy example updates: resource ARN pattern changes, action formatting, and condition key fixes

Security assessment

Improves IAM policy examples by making resource ARNs more generic and fixing condition syntax. Enhances security documentation quality but doesn't address specific vulnerabilities.

Diff

diff --git a/devicefarm/latest/developerguide/security_iam_id-based-policy-examples.md b/devicefarm/latest/developerguide/security_iam_id-based-policy-examples.md
index 1c1593965..01b12c172 100644
--- a//devicefarm/latest/developerguide/security_iam_id-based-policy-examples.md
+++ b//devicefarm/latest/developerguide/security_iam_id-based-policy-examples.md
@@ -88,0 +89,6 @@ In addition to the `devicefarm:GetTestGridProject` endpoint, the account must ha
+JSON
+    
+
+****
+    
+    
@@ -99 +105 @@ In addition to the `devicefarm:GetTestGridProject` endpoint, the account must ha
-             "Resource":"arn:aws:devicefarm:us-west-2:111122223333:testgrid-project:123e4567-e89b-12d3-a456-426655441111"
+             "Resource":"arn:aws:devicefarm:us-west-2:111122223333:testgrid-project:"
@@ -109 +115 @@ In addition to the `devicefarm:GetTestGridProject` endpoint, the account must ha
-             "Resource":"arn:aws:devicefarm:us-west-2:111122223333:testgrid-*:123e4567-e89b-12d3-a456-426655441111/*"
+             "Resource":"arn:aws:devicefarm:us-west-2:111122223333:testgrid-*:/*"
@@ -115,0 +123,6 @@ If you are using CI systems, you should give each CI runner unique access creden
+JSON
+    
+
+****
+    
+    
@@ -123 +136,4 @@ If you are using CI systems, you should give each CI runner unique access creden
-             "Action": [ "devicefarm:CreateUpload","devicefarm:ScheduleRun" ],
+                "Action": [
+                    "devicefarm:CreateUpload",
+                    "devicefarm:ScheduleRun"
+                ],
@@ -125,2 +141,2 @@ If you are using CI systems, you should give each CI runner unique access creden
-                "arn:aws:devicefarm:us-west-2:111122223333:project:123e4567-e89b-12d3-a456-426655440000",
-                "arn:aws:devicefarm:us-west-2:111122223333:*:123e4567-e89b-12d3-a456-426655440000/*",
+                    "arn:aws:devicefarm:us-west-2:111122223333:project:",
+                    "arn:aws:devicefarm:us-west-2:111122223333:*:/*"
@@ -137,0 +153,6 @@ You can use conditions in your identity-based policy to control access to Device
+JSON
+    
+
+****
+    
+    
@@ -146,3 +167,3 @@ You can use conditions in your identity-based policy to control access to Device
-                  "devicefarm:ListTestGridSession*",
-                  "devicefarm:GetTestGridSession", 
-                  "devicefarm:ListTestGridProjects" 
+                    ":ListTestGridSession*",
+                    ":GetTestGridSession",
+                    ":ListTestGridProjects"
@@ -151,2 +172,2 @@ You can use conditions in your identity-based policy to control access to Device
-                   "arn:aws:devicefarm:us-west-2:testgrid-project:*/*"
-                   "arn:aws:devicefarm:us-west-2:testgrid-session:*/*"
+                    "arn:aws::us-west-2:testgrid-project:*/*",
+                    "arn:aws::us-west-2:testgrid-session:*/*"
@@ -155 +176,3 @@ You can use conditions in your identity-based policy to control access to Device
-                   "StringEquals": {"aws:TagKey/Owner":"${aws:username}"}
+                    "StringEquals": {
+                        "aws:TagKey/Owner": "${aws:username}"
+                    }