AWS opsworks documentation change
Summary
Updated IAM policy syntax for region conditions and JSON formatting
Security assessment
Modified policy syntax (e.g., using @@append operators) and region-specific ARNs. Changes appear to clarify policy structure without addressing security vulnerabilities.
Diff
diff --git a/opsworks/latest/userguide/security_iam_id-based-policy-examples.md b/opsworks/latest/userguide/security_iam_id-based-policy-examples.md index 09c884a71..7016bfadb 100644 --- a//opsworks/latest/userguide/security_iam_id-based-policy-examples.md +++ b//opsworks/latest/userguide/security_iam_id-based-policy-examples.md @@ -48,0 +49,6 @@ This example shows how you might create a policy that allows users to view the i +JSON + + +**** + + @@ -88,0 +96,6 @@ You can use conditions in your identity-based policy to control access to OpsWor +JSON + + +**** + + @@ -103 +116 @@ You can use conditions in your identity-based policy to control access to OpsWor - "Resource": "arn:aws:opsworks-cm:region:master-account-ID:server/server-name", + "Resource": "arn:aws:opsworks-cm:us-east-1:master-account-ID:server/server-name", @@ -105 +118,3 @@ You can use conditions in your identity-based policy to control access to OpsWor - "StringEquals": {"opsworks-cm:ResourceTag/Owner": "${aws:username}"} + "StringEquals": { + "opsworks-cm:ResourceTag/Owner": "${aws:username}" + }