AWS enclaves documentation change
Summary
Added JSON code block formatting markers and replaced placeholder account/region values with example values (us-east-1, 111122223333) in IAM policy examples
Security assessment
While the changes improve policy example clarity, there is no evidence of addressing security vulnerabilities. Placeholder replacement is documentation improvement rather than security feature addition.
Diff
diff --git a/enclaves/latest/user/install-acm.md b/enclaves/latest/user/install-acm.md index 361f15742..25d131dca 100644 --- a//enclaves/latest/user/install-acm.md +++ b//enclaves/latest/user/install-acm.md @@ -35,0 +36,6 @@ The user performing this configuration must have permission to use the `ec2:Asso +JSON + + +**** + + @@ -47,2 +53,2 @@ The user performing this configuration must have permission to use the `ec2:Asso - "arn:aws:acm:region:account_id:certificate/*", - "arn:aws:iam::account_id:role/*" + "arn:aws:acm:us-east-1:111122223333:certificate/*", + "arn:aws:iam::111122223333:role/*" @@ -131,0 +139,6 @@ Create a JSON file named `acm-role` and add the following policy statement. +JSON + + +**** + + @@ -191,0 +206,6 @@ Create a JSON file named `acm-role-policies.json`, add the following policy stat +JSON + + +**** + + @@ -201 +221,3 @@ Create a JSON file named `acm-role-policies.json`, add the following policy stat - "Resource": ["arn:aws:s3:::CertificateS3BucketName/*"] + "Resource": [ + "arn:aws:s3:::CertificateS3BucketName/*" + ] @@ -209 +231 @@ Create a JSON file named `acm-role-policies.json`, add the following policy stat - "Resource": "arn:aws:kms:region:*:key/EncryptionKmsKeyId" + "Resource": "arn:aws:kms:us-east-1:*:key/EncryptionKmsKeyId"