AWS batch medium security documentation change
Summary
Replaced placeholder account/region values with specific examples in SSM/SecretsManager/KMS ARNs
Security assessment
Hardcoding account IDs (999999999999) and regions in resource ARNs creates a risk of credential leakage or unintended resource access if users copy examples verbatim.
Diff
diff --git a/batch/latest/userguide/specifying-sensitive-data-parameters.md b/batch/latest/userguide/specifying-sensitive-data-parameters.md index 1c1720d17..7b20f33a2 100644 --- a//batch/latest/userguide/specifying-sensitive-data-parameters.md +++ b//batch/latest/userguide/specifying-sensitive-data-parameters.md @@ -72,3 +72,3 @@ JSON - "arn:aws:ssm:<region>:<aws_account_id>:parameter/<parameter_name>", - "arn:aws:secretsmanager:<region>:<aws_account_id>:secret:<secret_name>", - "arn:aws:kms:<region>:<aws_account_id>:key/<key_id>" + "arn:aws:ssm:us-east-2:999999999999:parameter/<parameter_name>", + "arn:aws:secretsmanager:us-east-2:999999999999:secret:<secret_name>", + "arn:aws:kms:us-east-2:999999999999:key/<key_id>"