AWS firehose documentation change
Summary
Added JSON syntax structure, standardized regions to 'us-east-1', and fixed KMS policy conditions
Security assessment
Example policy improvements and regional specificity. No explicit security issue addressed.
Diff
diff --git a/firehose/latest/dev/controlling-access.md b/firehose/latest/dev/controlling-access.md index eb4d3a254..5be6f127f 100644 --- a//firehose/latest/dev/controlling-access.md +++ b//firehose/latest/dev/controlling-access.md @@ -133,0 +134,6 @@ Amazon Data Firehose uses an IAM role for all the permissions that the Firehose +JSON + + +**** + + @@ -137 +143,2 @@ Amazon Data Firehose uses an IAM role for all the permissions that the Firehose - "Statement": [{ + "Statement": [ + { @@ -143,2 +150 @@ Amazon Data Firehose uses an IAM role for all the permissions that the Firehose - "Action": "sts:AssumeRole", - }] + "Action": "sts:AssumeRole" @@ -145,0 +152,3 @@ Amazon Data Firehose uses an IAM role for all the permissions that the Firehose + ] + } + @@ -1299,2 +1308 @@ JSON - "Statement": - [ + "Statement": [ @@ -1323 +1331 @@ JSON - "arn:aws:kms:region:account-id:key/key-id" + "arn:aws:kms:us-east-1:account-id:key/key-id" @@ -1327 +1335 @@ JSON - "kms:ViaService": "s3.region.amazonaws.com" + "kms:ViaService": "s3.us-east-1.amazonaws.com" @@ -1342 +1350 @@ JSON - "Resource": "arn:aws:kinesis:region:account-id:stream/stream-name" + "Resource": "arn:aws:kinesis:us-east-1:account-id:stream/stream-name" @@ -1350 +1358 @@ JSON - "arn:aws:logs:region:account-id:log-group:log-group-name:log-stream:*" + "arn:aws:logs:us-east-1:account-id:log-group:log-group-name:log-stream:*" @@ -1360 +1368 @@ JSON - "arn:aws:lambda:region:account-id:function:function-name:function-version" + "arn:aws:lambda:us-east-1:account-id:function:function-name:function-version"