AWS sagemaker medium security documentation change
Summary
Fixed AWS ARN format in policy examples (replaced 'partition' with 'aws' and adjusted region/ARN structure)
Security assessment
Correcting ARN formats ensures policies enforce proper resource restrictions, addressing potential confused deputy risks caused by invalid ARN patterns.
Diff
diff --git a/sagemaker/latest/dg/security-confused-deputy-prevention.md b/sagemaker/latest/dg/security-confused-deputy-prevention.md index 602940a02..867d93be4 100644 --- a//sagemaker/latest/dg/security-confused-deputy-prevention.md +++ b//sagemaker/latest/dg/security-confused-deputy-prevention.md @@ -116 +116,3 @@ JSON - "Principal": { "Service": "sagemaker.amazonaws.com" }, + "Principal": { + "Service": "sagemaker.amazonaws.com" + }, @@ -120 +122 @@ JSON - "aws:SourceArn": "arn:partition:sagemaker:us-west-2:123456789012:image-version" + "aws:SourceArn": "arn:aws:us-west-2:123456789012:image-version" @@ -275 +277 @@ JSON - "aws:SourceArn": "arn:partition:sagemaker:region:123456789012:pipeline/mypipeline/*" + "aws:SourceArn": "arn:aws:us-east-1:123456789012:pipeline/mypipeline/*"