AWS cli medium security documentation change
Summary
Added documentation about buildspec security controls and IAM condition keys
Security assessment
Added guidance about preventing unauthorized buildspec modifications through IAM condition keys. This addresses potential security risks of malicious build command injection by unauthorized principals, making it a security-related documentation improvement.
Diff
diff --git a/cli/latest/reference/codebuild/start-build.md b/cli/latest/reference/codebuild/start-build.md index ace433d05..479044ba9 100644 --- a//cli/latest/reference/codebuild/start-build.md +++ b//cli/latest/reference/codebuild/start-build.md @@ -15 +15 @@ - * [AWS CLI 2.28.4 Command Reference](../../index.html) » + * [AWS CLI 2.28.6 Command Reference](../../index.html) » @@ -795 +795 @@ JSON Syntax: -> Since this property allows you to change the build commands that will run in the container, you should note that an IAM principal with the ability to call this API and set this parameter can override the default settings. Moreover, we encourage that you use a trustworthy buildspec location like a file in your source repository or a Amazon S3 bucket. +> Since this property allows you to change the build commands that will run in the container, you should note that an IAM principal with the ability to call this API and set this parameter can override the default settings. Moreover, we encourage that you use a trustworthy buildspec location like a file in your source repository or a Amazon S3 bucket. Alternatively, you can restrict overrides to the buildspec by using a condition key: [Prevent unauthorized modifications to project buildspec](https://docs.aws.amazon.com/codebuild/latest/userguide/action-context-keys.html#action-context-keys-example-overridebuildspec.html) . @@ -2502 +2502 @@ build -> (structure) - * [AWS CLI 2.28.4 Command Reference](../../index.html) » + * [AWS CLI 2.28.6 Command Reference](../../index.html) »