AWS codepipeline documentation change
Summary
Updated IAM policy examples with specific region/account ID (us-east-1/111122223333) and added JSON formatting sections.
Security assessment
Provides more precise resource ARN examples in security policies, reducing misconfiguration risks. No evidence of security vulnerability remediation.
Diff
diff --git a/codepipeline/latest/userguide/action-reference-EC2Deploy.md b/codepipeline/latest/userguide/action-reference-EC2Deploy.md index 6f630a518..1ae48d45f 100644 --- a//codepipeline/latest/userguide/action-reference-EC2Deploy.md +++ b//codepipeline/latest/userguide/action-reference-EC2Deploy.md @@ -168,0 +169,6 @@ When CodePipeline runs the action, CodePipeline service role requires the follow +JSON + + +**** + + @@ -198 +204 @@ When CodePipeline runs the action, CodePipeline service role requires the follow - "arn:aws:logs:{{region}}:{{AccountId}}:log-group:/aws/codepipeline/{{pipelineName}}:*" + "arn:aws:logs:us-east-1:111122223333:log-group:/aws/codepipeline/{{pipelineName}}:*" @@ -209 +215 @@ When CodePipeline runs the action, CodePipeline service role requires the follow - "arn:aws:elasticloadbalancing:{{region}}:{{AccountId}}:targetgroup/[[targetGroupName]]/*" + "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/[[targetGroupName]]/*" @@ -219 +225 @@ When CodePipeline runs the action, CodePipeline service role requires the follow - "arn:aws:ec2:{{region}}:{{AccountId}}:instance/*" + "arn:aws:ec2:us-east-1:111122223333:instance/*" @@ -234,2 +240,2 @@ When CodePipeline runs the action, CodePipeline service role requires the follow - "arn:aws:ssm:{{region}}::document/AWS-RunPowerShellScript", - "arn:aws:ssm:{{region}}::document/AWS-RunShellScript" + "arn:aws:ssm:us-east-1::document/AWS-RunPowerShellScript", + "arn:aws:ssm:us-east-1::document/AWS-RunShellScript"