AWS Security ChangesHomeSearch

AWS sagemaker-unified-studio documentation change

Service: sagemaker-unified-studio · 2025-08-16 · Documentation low

File: sagemaker-unified-studio/latest/adminguide/cross-service-confused-deputy-prevention.md

Summary

Removed an example IAM policy demonstrating confused deputy prevention mechanisms.

Security assessment

Removal of an example policy does not directly indicate a security issue. While the topic relates to security, the change appears to be documentation cleanup rather than addressing a specific vulnerability.

Diff

diff --git a/sagemaker-unified-studio/latest/adminguide/cross-service-confused-deputy-prevention.md b/sagemaker-unified-studio/latest/adminguide/cross-service-confused-deputy-prevention.md
index 63fcbb815..f91820db4 100644
--- a//sagemaker-unified-studio/latest/adminguide/cross-service-confused-deputy-prevention.md
+++ b//sagemaker-unified-studio/latest/adminguide/cross-service-confused-deputy-prevention.md
@@ -15,35 +14,0 @@ If the `aws:SourceArn` value does not contain the account ID, such as an Amazon
-The value of `aws:SourceArn` must be ResourceDescription.
-
-The following example shows how you can use the `aws:SourceArn` and `aws:SourceAccount` global condition context keys in ServiceNameEntity to prevent the confused deputy problem.
-
-JSON
-    
-
-****
-    
-    
-    
-    {
-      "Version": "2012-10-17",
-      "Statement": {
-        "Sid": "ConfusedDeputyPreventionExamplePolicy",
-        "Effect": "Allow",
-        "Principal": {
-          "Service": "servicename.amazonaws.com"
-        },
-        "Action": "servicename:ActionName",
-        "Resource": [
-          "arn:aws:servicename:::ResourceName/*"
-        ],
-        "Condition": {
-          "ArnLike": {
-            "aws:SourceArn": "arn:aws:servicename:*:123456789012:*"
-          },
-          "StringEquals": {
-            "aws:SourceAccount": "123456789012"
-          }
-        }
-      }
-    }
-    
-