AWS prescriptive-guidance medium security documentation change
Summary
Removed 'dynamodb:TransactGetItems' permission and fixed a policy action typo from 'dynanamodb' to 'dynamodb'
Security assessment
Removing TransactGetItems tightens least-privilege access, and fixing the typo prevents potential policy misconfiguration. The typo correction addresses a concrete security risk where policies might fail to enforce intended restrictions due to incorrect action name.
Diff
diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md b/prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md index 6ae5ae67c..06207fd48 100644 --- a//prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md +++ b//prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md @@ -22,2 +22 @@ As your organization discusses strategies to physically and logically separate p - "dynamodb:Scan", - "dynamodb:TransactGetItems" + "dynamodb:Scan" @@ -37 +36 @@ As your organization discusses strategies to physically and logically separate p - "dynanamodb:Select":[ + "dynamodb:Select":[