AWS kinesisvideostreams medium security documentation change
Summary
Updated IAM policy action from AssumeRoleWithCertificate to AssumeRoleWithWebIdentity with concrete ARN
Security assessment
Corrects authentication method to use web identity rather than certificate-based assumption, which impacts authorization security controls
Diff
diff --git a/kinesisvideostreams/latest/dg/gs-create-policy.md b/kinesisvideostreams/latest/dg/gs-create-policy.md index 2d03ff9b4..7415772a8 100644 --- a//kinesisvideostreams/latest/dg/gs-create-policy.md +++ b//kinesisvideostreams/latest/dg/gs-create-policy.md @@ -66 +66 @@ JSON - "iot:AssumeRoleWithCertificate" + "iot:AssumeRoleWithWebIdentity" @@ -68 +68 @@ JSON - "Resource": "your-role-alias-arn" + "Resource": "arn:aws:iot:us-west-2:123456789012:rolealias/your-role-alias"