AWS Security ChangesHomeSearch

AWS codepipeline documentation change

Service: codepipeline · 2025-08-19 · Documentation medium

File: codepipeline/latest/userguide/action-reference-Commands.md

Summary

Modified IAM policy examples to use wildcard account IDs and added JSON formatting sections.

Security assessment

Changes demonstrate proper use of wildcards in IAM policies for service roles. Improves security documentation but doesn't address a specific vulnerability.

Diff

diff --git a/codepipeline/latest/userguide/action-reference-Commands.md b/codepipeline/latest/userguide/action-reference-Commands.md
index 02857301d..88bfde371 100644
--- a//codepipeline/latest/userguide/action-reference-Commands.md
+++ b//codepipeline/latest/userguide/action-reference-Commands.md
@@ -333,0 +334,6 @@ For Commands support, add the following to your policy statement:
+JSON
+    
+
+****
+    
+    
@@ -346,2 +352,2 @@ For Commands support, add the following to your policy statement:
-                    "arn:aws:logs:{{region}}:{{customerAccountId}}:log-group:/aws/codepipeline/{{pipelineName}}",
-                    "arn:aws:logs:{{region}}:{{customerAccountId}}:log-group:/aws/codepipeline/{{pipelineName}}:log-stream:*"
+                    "arn:aws:iam::*:role/Service*",
+                    "arn:aws:iam::*:role/Service*"