AWS Security ChangesHomeSearch

AWS codepipeline documentation change

Service: codepipeline · 2025-08-19 · Documentation low

File: codepipeline/latest/userguide/action-reference-LambdaDeploy.md

Summary

Updated ARN patterns with specific region (us-east-1) and account ID (111122223333) in policy examples

Security assessment

The changes standardize example ARN formats but do not introduce new security controls or address vulnerabilities. This improves documentation clarity rather than security posture.

Diff

diff --git a/codepipeline/latest/userguide/action-reference-LambdaDeploy.md b/codepipeline/latest/userguide/action-reference-LambdaDeploy.md
index 16b3a0df0..18e146870 100644
--- a//codepipeline/latest/userguide/action-reference-LambdaDeploy.md
+++ b//codepipeline/latest/userguide/action-reference-LambdaDeploy.md
@@ -161,0 +162,6 @@ When CodePipeline runs the action, CodePipeline service role requires the follow
+JSON
+    
+
+****
+    
+    
@@ -178,2 +184,2 @@ When CodePipeline runs the action, CodePipeline service role requires the follow
-                    "arn:aws:lambda:aws:{{customerAccountId}}:function:{{FunctionName}}",
-                    "arn:aws:lambda:aws:{{customerAccountId}}:function:{{FunctionName}}:*"
+                    "arn:aws:lambda:us-east-1:111122223333:function:{{FunctionName}}",
+                    "arn:aws:lambda:us-east-1:111122223333:function:{{FunctionName}}:*"
@@ -189 +195 @@ When CodePipeline runs the action, CodePipeline service role requires the follow
-                    "arn:aws:cloudwatch:aws:{{customerAccountId}}:alarm:{{AlarmNames}}"
+                    "arn:aws:cloudwatch:us-east-1:111122223333:alarm:{{AlarmNames}}"
@@ -199,2 +205,2 @@ When CodePipeline runs the action, CodePipeline service role requires the follow
-                    "arn:aws:logs:aws:{{customerAccountId}}:log-group:/aws/codepipeline/{{pipelineName}}",
-                    "arn:aws:logs:aws:{{customerAccountId}}:log-group:/aws/codepipeline/{{pipelineName}}:*"
+                    "arn:aws:logs:us-east-1:111122223333:log-group:/us-east-1/codepipeline/{{pipelineName}}",
+                    "arn:aws:logs:us-east-1:111122223333:log-group:/us-east-1/codepipeline/{{pipelineName}}:*"
@@ -211 +217 @@ When CodePipeline runs the action, CodePipeline service role requires the follow
-                    "arn:aws:logs:aws:{{customerAccountId}}:log-group:/aws/codepipeline/{{pipelineName}}:log-stream:*"
+                    "arn:aws:logs:us-east-1:111122223333:log-group:/us-east-1/codepipeline/{{pipelineName}}:log-stream:*"