AWS Security ChangesHomeSearch

AWS prescriptive-guidance medium security documentation change

Service: prescriptive-guidance · 2025-08-13 · Security-related medium

File: prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md

Summary

Removed 'dynamodb:TransactGetItems' permission and fixed a policy action typo from 'dynanamodb' to 'dynamodb'

Security assessment

Removing TransactGetItems tightens least-privilege access, and fixing the typo prevents potential policy misconfiguration. The typo correction addresses a concrete security risk where policies might fail to enforce intended restrictions due to incorrect action name.

Diff

diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md b/prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md
index 6ae5ae67c..06207fd48 100644
--- a//prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md
+++ b//prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md
@@ -22,2 +22 @@ As your organization discusses strategies to physically and logically separate p
-                "dynamodb:Scan",
-                "dynamodb:TransactGetItems"
+                "dynamodb:Scan"
@@ -37 +36 @@ As your organization discusses strategies to physically and logically separate p
-                   "dynanamodb:Select":[
+                   "dynamodb:Select":[