AWS codepipeline documentation change
Summary
Modified IAM policy examples to use wildcard account IDs and added JSON formatting sections.
Security assessment
Changes demonstrate proper use of wildcards in IAM policies for service roles. Improves security documentation but doesn't address a specific vulnerability.
Diff
diff --git a/codepipeline/latest/userguide/action-reference-Commands.md b/codepipeline/latest/userguide/action-reference-Commands.md index 02857301d..88bfde371 100644 --- a//codepipeline/latest/userguide/action-reference-Commands.md +++ b//codepipeline/latest/userguide/action-reference-Commands.md @@ -333,0 +334,6 @@ For Commands support, add the following to your policy statement: +JSON + + +**** + + @@ -346,2 +352,2 @@ For Commands support, add the following to your policy statement: - "arn:aws:logs:{{region}}:{{customerAccountId}}:log-group:/aws/codepipeline/{{pipelineName}}", - "arn:aws:logs:{{region}}:{{customerAccountId}}:log-group:/aws/codepipeline/{{pipelineName}}:log-stream:*" + "arn:aws:iam::*:role/Service*", + "arn:aws:iam::*:role/Service*"