AWS codebuild medium security documentation change
Summary
Fixed JSON syntax and replaced tag-based condition with region restriction in policy example
Security assessment
Changed from resource tag-based access control ('aws:ResourceTag/Status') to regional restriction ('aws:RequestedRegion'). This modifies access control logic but doesn't explicitly address a known vulnerability.
Diff
diff --git a/codebuild/latest/userguide/auth-and-access-control-using-tags.md b/codebuild/latest/userguide/auth-and-access-control-using-tags.md index 624946372..d40d6a3c5 100644 --- a//codebuild/latest/userguide/auth-and-access-control-using-tags.md +++ b//codebuild/latest/userguide/auth-and-access-control-using-tags.md @@ -105 +105 @@ JSON - "codebuild:BatchGetReportGroups," + "codebuild:BatchGetReportGroups", @@ -111 +111 @@ JSON - ] + ], @@ -114 +114,3 @@ JSON - "StringEquals" : "aws:ResourceTag/Status": "Secret" + "StringLike": { + "aws:RequestedRegion": "us-east-1" + }