AWS codepipeline documentation change
Summary
Updated ARN patterns with specific region (us-east-1) and account ID (111122223333) in policy examples
Security assessment
The changes standardize example ARN formats but do not introduce new security controls or address vulnerabilities. This improves documentation clarity rather than security posture.
Diff
diff --git a/codepipeline/latest/userguide/action-reference-LambdaDeploy.md b/codepipeline/latest/userguide/action-reference-LambdaDeploy.md index 16b3a0df0..18e146870 100644 --- a//codepipeline/latest/userguide/action-reference-LambdaDeploy.md +++ b//codepipeline/latest/userguide/action-reference-LambdaDeploy.md @@ -161,0 +162,6 @@ When CodePipeline runs the action, CodePipeline service role requires the follow +JSON + + +**** + + @@ -178,2 +184,2 @@ When CodePipeline runs the action, CodePipeline service role requires the follow - "arn:aws:lambda:aws:{{customerAccountId}}:function:{{FunctionName}}", - "arn:aws:lambda:aws:{{customerAccountId}}:function:{{FunctionName}}:*" + "arn:aws:lambda:us-east-1:111122223333:function:{{FunctionName}}", + "arn:aws:lambda:us-east-1:111122223333:function:{{FunctionName}}:*" @@ -189 +195 @@ When CodePipeline runs the action, CodePipeline service role requires the follow - "arn:aws:cloudwatch:aws:{{customerAccountId}}:alarm:{{AlarmNames}}" + "arn:aws:cloudwatch:us-east-1:111122223333:alarm:{{AlarmNames}}" @@ -199,2 +205,2 @@ When CodePipeline runs the action, CodePipeline service role requires the follow - "arn:aws:logs:aws:{{customerAccountId}}:log-group:/aws/codepipeline/{{pipelineName}}", - "arn:aws:logs:aws:{{customerAccountId}}:log-group:/aws/codepipeline/{{pipelineName}}:*" + "arn:aws:logs:us-east-1:111122223333:log-group:/us-east-1/codepipeline/{{pipelineName}}", + "arn:aws:logs:us-east-1:111122223333:log-group:/us-east-1/codepipeline/{{pipelineName}}:*" @@ -211 +217 @@ When CodePipeline runs the action, CodePipeline service role requires the follow - "arn:aws:logs:aws:{{customerAccountId}}:log-group:/aws/codepipeline/{{pipelineName}}:log-stream:*" + "arn:aws:logs:us-east-1:111122223333:log-group:/us-east-1/codepipeline/{{pipelineName}}:log-stream:*"