AWS codepipeline documentation change
Summary
Modified IAM policy examples to use specific account ID (111122223333) and added JSON formatting sections.
Security assessment
Enhances security documentation by demonstrating proper resource ARN formatting with explicit account IDs, helping prevent policy errors. No direct security fix.
Diff
diff --git a/codepipeline/latest/userguide/action-reference-CloudFormation.md b/codepipeline/latest/userguide/action-reference-CloudFormation.md index 697bc42d3..ff9ef53a2 100644 --- a//codepipeline/latest/userguide/action-reference-CloudFormation.md +++ b//codepipeline/latest/userguide/action-reference-CloudFormation.md @@ -270,0 +271,6 @@ When CodePipeline runs the action, the CodePipeline service role policy requires +JSON + + +**** + + @@ -292 +298 @@ When CodePipeline runs the action, the CodePipeline service role policy requires - "arn:aws:cloudformation:*:{{customerAccountId}}:stack/[[cfnDeployStackNames]]/*" + "arn:aws:cloudformation:*:111122223333:stack/[[cfnDeployStackNames]]/*" @@ -310 +316 @@ When CodePipeline runs the action, the CodePipeline service role policy requires - "arn:aws:iam::{{customerAccountId}}:role/[[cfnExecutionRoles]]" + "arn:aws:iam::111122223333:role/[[cfnExecutionRoles]]"