AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-08-10 · Documentation medium

File: prescriptive-guidance/latest/least-privilege-cloudformation/service-roles-for-cloudformation.md

Summary

Updated IAM policy condition formatting and trust policy structure

Security assessment

Improves documentation of secure service role configuration by demonstrating proper use of cloudformation:RoleArn conditions and trust policies, supporting least-privilege implementation.

Diff

diff --git a/prescriptive-guidance/latest/least-privilege-cloudformation/service-roles-for-cloudformation.md b/prescriptive-guidance/latest/least-privilege-cloudformation/service-roles-for-cloudformation.md
index eea647361..35befbadf 100644
--- a//prescriptive-guidance/latest/least-privilege-cloudformation/service-roles-for-cloudformation.md
+++ b//prescriptive-guidance/latest/least-privilege-cloudformation/service-roles-for-cloudformation.md
@@ -93 +93,3 @@ In addition to the previous policy statements, you can use the `cloudformation:R
-              "cloudformation:RoleArn" : [<ARN of the specific CloudFormation service role>]
+          "cloudformation:RoleArn": [
+            "<ARN of the specific CloudFormation service role>"
+          ]
@@ -113 +114,3 @@ Additionally you can also use the `cloudformation:RoleARN` condition key to rest
-              "cloudformation:RoleArn" : [<ARN of a privilege CloudFormation service role>]
+          "cloudformation:RoleArn": [
+            "<ARN of a privilege CloudFormation service role>"
+          ]
@@ -130 +132,3 @@ The following trust policy allows only the CloudFormation service to assume the
-        "Principal": {"Service": "cloudformation.amazonaws.com"},
+        "Principal": {
+          "Service": "cloudformation.amazonaws.com"
+        },