AWS Security ChangesHomeSearch

AWS codebuild high security documentation change

Service: codebuild · 2025-08-13 · Security-related high

File: codebuild/latest/userguide/multiple-access-tokens.md

Summary

Updated ARN patterns in IAM/KMS policy examples to use wildcards

Security assessment

Replaced specific resource ARNs with wildcard patterns ('arn:aws:iam::*:role/Service*') in KMS and Secrets Manager policies. This could allow access to unintended resources if not properly constrained.

Diff

diff --git a/codebuild/latest/userguide/multiple-access-tokens.md b/codebuild/latest/userguide/multiple-access-tokens.md
index 26ca1a9df..a76663075 100644
--- a//codebuild/latest/userguide/multiple-access-tokens.md
+++ b//codebuild/latest/userguide/multiple-access-tokens.md
@@ -81 +81 @@ JSON
-                        "<secret-arn>"
+                        "arn:aws:iam::*:role/Service*"
@@ -104 +104 @@ JSON
-                    "Resource": "<kms-key-arn>",
+                    "Resource": "arn:aws:iam::*:role/Service*",
@@ -107 +107 @@ JSON
-                            "kms:EncryptionContext:SecretARN": "<secret-arn>"
+                            "kms:EncryptionContext:SecretARN": "arn:aws:iam::*:role/Service*"
@@ -133 +133 @@ JSON
-                        "connection-arn>"
+                        "arn:aws:iam::*:role/Service*"