AWS mediapackage documentation change
Summary
Replaced placeholder values (e.g., AccountID, Region) with concrete examples in IAM policy JSON snippets
Security assessment
Improves example accuracy but does not address security flaws. No evidence of vulnerability remediation.
Diff
diff --git a/mediapackage/latest/userguide/endpoint-auth.md b/mediapackage/latest/userguide/endpoint-auth.md index d345db1f3..9beb9f351 100644 --- a//mediapackage/latest/userguide/endpoint-auth.md +++ b//mediapackage/latest/userguide/endpoint-auth.md @@ -25,0 +26,6 @@ To allow MediaPackage harvest jobs to get content from your origin endpoint, cre +JSON + + +**** + + @@ -39 +45 @@ To allow MediaPackage harvest jobs to get content from your origin endpoint, cre - "AWS:SourceAccount": "AccountID" + "AWS:SourceAccount": "111122223333" @@ -46 +52 @@ To allow MediaPackage harvest jobs to get content from your origin endpoint, cre - "Resource": "arn:aws:mediapackagev2:Region:AccountID:channelGroup/ChannelGroupName/channel/ChannelName/originEndpoint/OriginEndpointName" + "Resource": "arn:aws:mediapackagev2:us-east-1:111122223333:channelGroup/ChannelGroupName/channel/ChannelName/originEndpoint/OriginEndpointName" @@ -58,0 +66,6 @@ To authorize an external CDN that supports AWS authorization, you need to create +JSON + + +**** + + @@ -66 +79 @@ To authorize an external CDN that supports AWS authorization, you need to create - "Principal": { "AWS": "arn:aws:iam::AccountID:user/CDNProviderMediaPackageAccessUser" }, + "Principal": { "AWS": "arn:aws:iam::111122223333:user/CDNProviderMediaPackageAccessUser" }, @@ -68 +81 @@ To authorize an external CDN that supports AWS authorization, you need to create - "Resource": "arn:aws:mediapackagev2:Region:AccountID:channelGroup/ChannelGroupName/channel/ChannelName/originEndpoint/OriginEndpointName" + "Resource": "arn:aws:mediapackagev2:us-east-1:111122223333:channelGroup/ChannelGroupName/channel/ChannelName/originEndpoint/OriginEndpointName" @@ -95,0 +110,6 @@ Consider the following `Allow` policy. With this policy in effect, MediaPackage +JSON + + +**** + + @@ -106 +126 @@ Consider the following `Allow` policy. With this policy in effect, MediaPackage - "Resource": "arn:aws:mediapackagev2:Region:AccountID:channelGroup/ChannelGroupName/channel/ChannelName/originEndpoint/OriginEndpointName" + "Resource": "arn:aws:mediapackagev2:us-east-1:111122223333:channelGroup/ChannelGroupName/channel/ChannelName/originEndpoint/OriginEndpointName" @@ -116,0 +138,6 @@ Consider the following `Allow` policy. With this policy in effect, MediaPackage +JSON + + +**** + + @@ -124 +151 @@ Consider the following `Allow` policy. With this policy in effect, MediaPackage - "Principal": {"AWS": "arn:aws:iam::DifferentAccountID:root"}, + "Principal": {"AWS": "arn:aws:iam::444455556666:root"}, @@ -126 +153 @@ Consider the following `Allow` policy. With this policy in effect, MediaPackage - "Resource": "arn:aws:mediapackagev2:Region:AccountID:channelGroup/ChannelGroupName/channel/ChannelName" + "Resource": "arn:aws:mediapackagev2:us-east-1:111122223333:channelGroup/ChannelGroupName/channel/ChannelName" @@ -134,0 +163,6 @@ Consider the following `Allow` policy. With this policy in effect, MediaPackage +JSON + + +**** + + @@ -145 +179 @@ Consider the following `Allow` policy. With this policy in effect, MediaPackage - "Resource": "arn:aws:mediapackagev2:Region:AccountID:channelGroup/ChannelGroupName/channel/ChannelName/originEndpoint/OriginEndpointName", + "Resource": "arn:aws:mediapackagev2:us-east-1:111122223333:channelGroup/ChannelGroupName/channel/ChannelName/originEndpoint/OriginEndpointName",