AWS devicefarm documentation change
Summary
Multiple policy example updates: resource ARN pattern changes, action formatting, and condition key fixes
Security assessment
Improves IAM policy examples by making resource ARNs more generic and fixing condition syntax. Enhances security documentation quality but doesn't address specific vulnerabilities.
Diff
diff --git a/devicefarm/latest/developerguide/security_iam_id-based-policy-examples.md b/devicefarm/latest/developerguide/security_iam_id-based-policy-examples.md index 1c1593965..01b12c172 100644 --- a//devicefarm/latest/developerguide/security_iam_id-based-policy-examples.md +++ b//devicefarm/latest/developerguide/security_iam_id-based-policy-examples.md @@ -88,0 +89,6 @@ In addition to the `devicefarm:GetTestGridProject` endpoint, the account must ha +JSON + + +**** + + @@ -99 +105 @@ In addition to the `devicefarm:GetTestGridProject` endpoint, the account must ha - "Resource":"arn:aws:devicefarm:us-west-2:111122223333:testgrid-project:123e4567-e89b-12d3-a456-426655441111" + "Resource":"arn:aws:devicefarm:us-west-2:111122223333:testgrid-project:" @@ -109 +115 @@ In addition to the `devicefarm:GetTestGridProject` endpoint, the account must ha - "Resource":"arn:aws:devicefarm:us-west-2:111122223333:testgrid-*:123e4567-e89b-12d3-a456-426655441111/*" + "Resource":"arn:aws:devicefarm:us-west-2:111122223333:testgrid-*:/*" @@ -115,0 +123,6 @@ If you are using CI systems, you should give each CI runner unique access creden +JSON + + +**** + + @@ -123 +136,4 @@ If you are using CI systems, you should give each CI runner unique access creden - "Action": [ "devicefarm:CreateUpload","devicefarm:ScheduleRun" ], + "Action": [ + "devicefarm:CreateUpload", + "devicefarm:ScheduleRun" + ], @@ -125,2 +141,2 @@ If you are using CI systems, you should give each CI runner unique access creden - "arn:aws:devicefarm:us-west-2:111122223333:project:123e4567-e89b-12d3-a456-426655440000", - "arn:aws:devicefarm:us-west-2:111122223333:*:123e4567-e89b-12d3-a456-426655440000/*", + "arn:aws:devicefarm:us-west-2:111122223333:project:", + "arn:aws:devicefarm:us-west-2:111122223333:*:/*" @@ -137,0 +153,6 @@ You can use conditions in your identity-based policy to control access to Device +JSON + + +**** + + @@ -146,3 +167,3 @@ You can use conditions in your identity-based policy to control access to Device - "devicefarm:ListTestGridSession*", - "devicefarm:GetTestGridSession", - "devicefarm:ListTestGridProjects" + ":ListTestGridSession*", + ":GetTestGridSession", + ":ListTestGridProjects" @@ -151,2 +172,2 @@ You can use conditions in your identity-based policy to control access to Device - "arn:aws:devicefarm:us-west-2:testgrid-project:*/*" - "arn:aws:devicefarm:us-west-2:testgrid-session:*/*" + "arn:aws::us-west-2:testgrid-project:*/*", + "arn:aws::us-west-2:testgrid-session:*/*" @@ -155 +176,3 @@ You can use conditions in your identity-based policy to control access to Device - "StringEquals": {"aws:TagKey/Owner":"${aws:username}"} + "StringEquals": { + "aws:TagKey/Owner": "${aws:username}" + }