AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-08-13 · Documentation low

File: prescriptive-guidance/latest/certificate-based-access-controls/option-2.md

Summary

Updated trust anchor ARN format in role trust policy examples to use proper resource path syntax

Security assessment

The change corrects placeholder values to match valid AWS ARN formats but doesn't introduce new security controls or address vulnerabilities. This is a documentation improvement for accuracy rather than a security-related modification.

Diff

diff --git a/prescriptive-guidance/latest/certificate-based-access-controls/option-2.md b/prescriptive-guidance/latest/certificate-based-access-controls/option-2.md
index 65c37fa60..a2b86d2db 100644
--- a//prescriptive-guidance/latest/certificate-based-access-controls/option-2.md
+++ b//prescriptive-guidance/latest/certificate-based-access-controls/option-2.md
@@ -36 +36 @@ The following sample trust policy for **Role 1** has a condition that allows rol
-                            "trust-anchor-arn"
+                "arn:aws:rolesanywhere:<region>:<account-ID>:trust-anchor/<TA_ID>"
@@ -67 +67 @@ The following sample trust policy for **Role 2** has a condition that allows rol
-                            "trust-anchor-arn"
+                            "arn:aws:rolesanywhere:<region>:<account-ID>:trust-anchor/<TA_ID>"