AWS Security ChangesHomeSearch

AWS codepipeline medium security documentation change

Service: codepipeline · 2025-08-19 · Security-related medium

File: codepipeline/latest/userguide/security-iam-id-policies-examples.md

Summary

Updated policy conditions from StringLike to ArnLike for notifications

Security assessment

Changed notification resource conditions to use ArnLike instead of StringLike, improving specificity and reducing potential privilege escalation risks in policy examples.

Diff

diff --git a/codepipeline/latest/userguide/security-iam-id-policies-examples.md b/codepipeline/latest/userguide/security-iam-id-policies-examples.md
index 3a18d1d83..bfb4948db 100644
--- a//codepipeline/latest/userguide/security-iam-id-policies-examples.md
+++ b//codepipeline/latest/userguide/security-iam-id-policies-examples.md
@@ -25,0 +26,6 @@ The following shows an example of a permissions policy that grants permissions t
+JSON
+    
+
+****
+    
+    
@@ -44,0 +52,6 @@ The following example shows a policy in the 111222333444 account that allows use
+JSON
+    
+
+****
+    
+    
@@ -106,2 +119,2 @@ The following example shows a policy in the 111222333444 account that allows use
-            "StringLike": {
-              "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*"
+            "ArnLike": {
+              "codestar-notifications:NotificationsForResource": "arn:aws:iam::*:role/Service*"
@@ -117,0 +132,6 @@ After you create this policy, create the IAM role in the 111222333444 account an
+JSON
+    
+
+****
+    
+    
@@ -133,0 +155,6 @@ The following example shows a policy created in the `111111111111` AWS account t
+JSON
+    
+
+****
+    
+