AWS payment-cryptography high security documentation change
Summary
Updated API method names (GenerateCardValidationData/VerifyCardValidationData) in IAM policy examples and added JSON formatting
Security assessment
Corrects critical IAM policy examples to use valid API names. Incorrect method names could lead to misconfigured policies allowing unintended access, directly impacting security controls.
Diff
diff --git a/payment-cryptography/latest/userguide/security_iam_id-based-policy-examples.md b/payment-cryptography/latest/userguide/security_iam_id-based-policy-examples.md index fa9504f2f..c79c9dfef 100644 --- a//payment-cryptography/latest/userguide/security_iam_id-based-policy-examples.md +++ b//payment-cryptography/latest/userguide/security_iam_id-based-policy-examples.md @@ -102,0 +103,6 @@ In this example, you want to grant an IAM user in your AWS account access to all +JSON + + +**** + + @@ -122 +128 @@ In this example, you want to grant an IAM user in your AWS account access to all -In this example, you want to grant an IAM user in your AWS account access to one of your AWS Payment Cryptography key, `arn:aws:payment-cryptography:us-east-2:111122223333:key/kwapwa6qaifllw2h` and then use this resource in two APIs, `GenerateCardData` and `VerifyCardData`. Conversely, the IAM user will not have access to use this key on other operations such as `DeleteKey` or `ExportKey` +In this example, you want to grant an IAM user in your AWS account access to one of your AWS Payment Cryptography key, `arn:aws:payment-cryptography:us-east-2:111122223333:key/kwapwa6qaifllw2h` and then use this resource in two APIs, `GenerateCardValidationData` and `VerifyCardValidationData`. Conversely, the IAM user will not have access to use this key on other operations such as `DeleteKey` or `ExportKey` @@ -125,0 +132,6 @@ Resources can be either keys, prefixed with `key` or aliases, prefixed with `ali +JSON + + +**** + + @@ -133,2 +145,2 @@ Resources can be either keys, prefixed with `key` or aliases, prefixed with `ali - "payment-cryptography:VerifyCardData", - "payment-cryptography:GenerateCardData" + "payment-cryptography:VerifyCardValidationData", + "payment-cryptography:GenerateCardValidationData" @@ -151,0 +165,6 @@ In this example, you want to permit an IAM user in your AWS account access to an +JSON + + +**** + + @@ -159,2 +178,2 @@ In this example, you want to permit an IAM user in your AWS account access to an - "payment-cryptography:VerifyCardData", - "payment-cryptography:GenerateCardData" + "payment-cryptography:VerifyCardValidationData", + "payment-cryptography:GenerateCardValidationData" @@ -169 +188 @@ In this example, you want to permit an IAM user in your AWS account access to an - "payment-cryptography:GenerateCardData" + "payment-cryptography:GenerateCardValidationData"