AWS sagemaker medium security documentation change
Summary
Updated bucket names and VPC endpoint IDs in resource policy examples
Security assessment
Removed wildcard '*' principal and specified concrete VPC endpoint IDs, demonstrating proper access restriction. This change shows how to limit access to specific VPC endpoints, which is a security best practice for reducing attack surface.
Diff
diff --git a/sagemaker/latest/dg/samurai-vpc-labeling-job.md b/sagemaker/latest/dg/samurai-vpc-labeling-job.md index 1a029b65e..db5de7e64 100644 --- a//sagemaker/latest/dg/samurai-vpc-labeling-job.md +++ b//sagemaker/latest/dg/samurai-vpc-labeling-job.md @@ -92,2 +92 @@ JSON - "Sid": "Access-to-specific-VPCE-only", - "Principal": "*", + "Sid": "AccessToSpecificVPCEOnly", @@ -100,2 +99,2 @@ JSON - "arn:aws:s3:::<bucket-name>", - "arn:aws:s3:::<bucket-name>/*" + "arn:aws:s3:::amzn-s3-demo-bucket", + "arn:aws:s3:::amzn-s3-demo-bucket/*" @@ -106,2 +105,2 @@ JSON - "<vpc-endpoint>", - "<vpc>" + "vpce-12345678", + "vpce-12345678901234567"