AWS prescriptive-guidance documentation change
Summary
Updated IAM policy condition formatting and trust policy structure
Security assessment
Improves documentation of secure service role configuration by demonstrating proper use of cloudformation:RoleArn conditions and trust policies, supporting least-privilege implementation.
Diff
diff --git a/prescriptive-guidance/latest/least-privilege-cloudformation/service-roles-for-cloudformation.md b/prescriptive-guidance/latest/least-privilege-cloudformation/service-roles-for-cloudformation.md index eea647361..35befbadf 100644 --- a//prescriptive-guidance/latest/least-privilege-cloudformation/service-roles-for-cloudformation.md +++ b//prescriptive-guidance/latest/least-privilege-cloudformation/service-roles-for-cloudformation.md @@ -93 +93,3 @@ In addition to the previous policy statements, you can use the `cloudformation:R - "cloudformation:RoleArn" : [<ARN of the specific CloudFormation service role>] + "cloudformation:RoleArn": [ + "<ARN of the specific CloudFormation service role>" + ] @@ -113 +114,3 @@ Additionally you can also use the `cloudformation:RoleARN` condition key to rest - "cloudformation:RoleArn" : [<ARN of a privilege CloudFormation service role>] + "cloudformation:RoleArn": [ + "<ARN of a privilege CloudFormation service role>" + ] @@ -130 +132,3 @@ The following trust policy allows only the CloudFormation service to assume the - "Principal": {"Service": "cloudformation.amazonaws.com"}, + "Principal": { + "Service": "cloudformation.amazonaws.com" + },