AWS gameliftservers high security documentation change
Summary
Modified IAM policy examples with incorrect action/resource syntax and added JSON markers
Security assessment
Changes introduce invalid IAM syntax (e.g., ':ListFleets' instead of 'gamelift:ListFleets' and malformed resource ARNs). This could lead to policy misconfiguration, resulting in unintended permissions. Concrete evidence of security risk due to broken policy examples.
Diff
diff --git a/gameliftservers/latest/developerguide/security_iam_id-based-policy-examples.md b/gameliftservers/latest/developerguide/security_iam_id-based-policy-examples.md index 68fa42df6..eddb26b1c 100644 --- a//gameliftservers/latest/developerguide/security_iam_id-based-policy-examples.md +++ b//gameliftservers/latest/developerguide/security_iam_id-based-policy-examples.md @@ -110,0 +111,6 @@ This policy grants the user permissions to add, update, and delete queue destina +JSON + + +**** + + @@ -138,0 +146,6 @@ You can use conditions in your identity-based policy to control access to Amazon +JSON + + +**** + + @@ -146 +159 @@ You can use conditions in your identity-based policy to control access to Amazon - "Action": "gamelift:ListFleets", + "Action": ":ListFleets", @@ -152,2 +165,2 @@ You can use conditions in your identity-based policy to control access to Amazon - "Action": "gamelift:DescribeFleetAttributes", - "Resource": "arn:aws:gamelift:*:*:fleet/*", + "Action": ":DescribeFleetAttributes", + "Resource": "arn:aws::*:*:fleet/*", @@ -155 +168 @@ You can use conditions in your identity-based policy to control access to Amazon - "StringEquals": {"gamelift:ResourceTag/Owner": "${aws:username}"} + "StringEquals": {":ResourceTag/Owner": "${aws:username}"} @@ -164,0 +179,6 @@ After you integrate your game server with Amazon GameLift Servers, upload the bu +JSON + + +**** + +