AWS sagemaker-unified-studio documentation change
Summary
Removed an example IAM policy demonstrating confused deputy prevention mechanisms.
Security assessment
Removal of an example policy does not directly indicate a security issue. While the topic relates to security, the change appears to be documentation cleanup rather than addressing a specific vulnerability.
Diff
diff --git a/sagemaker-unified-studio/latest/adminguide/cross-service-confused-deputy-prevention.md b/sagemaker-unified-studio/latest/adminguide/cross-service-confused-deputy-prevention.md index 63fcbb815..f91820db4 100644 --- a//sagemaker-unified-studio/latest/adminguide/cross-service-confused-deputy-prevention.md +++ b//sagemaker-unified-studio/latest/adminguide/cross-service-confused-deputy-prevention.md @@ -15,35 +14,0 @@ If the `aws:SourceArn` value does not contain the account ID, such as an Amazon -The value of `aws:SourceArn` must be ResourceDescription. - -The following example shows how you can use the `aws:SourceArn` and `aws:SourceAccount` global condition context keys in ServiceNameEntity to prevent the confused deputy problem. - -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": { - "Sid": "ConfusedDeputyPreventionExamplePolicy", - "Effect": "Allow", - "Principal": { - "Service": "servicename.amazonaws.com" - }, - "Action": "servicename:ActionName", - "Resource": [ - "arn:aws:servicename:::ResourceName/*" - ], - "Condition": { - "ArnLike": { - "aws:SourceArn": "arn:aws:servicename:*:123456789012:*" - }, - "StringEquals": { - "aws:SourceAccount": "123456789012" - } - } - } - } - -