AWS connect medium security documentation change
Summary
Removed a JSON policy example for confused deputy prevention
Security assessment
The removed policy example was related to cross-service confused deputy prevention, a security mechanism. Removing it could impact users' ability to configure secure resource access, though no explicit vulnerability is mentioned.
Diff
diff --git a/connect/latest/adminguide/cross-service-confused-deputy-prevention.md b/connect/latest/adminguide/cross-service-confused-deputy-prevention.md index 8d3f9ec89..a2c7f07f3 100644 --- a//connect/latest/adminguide/cross-service-confused-deputy-prevention.md +++ b//connect/latest/adminguide/cross-service-confused-deputy-prevention.md @@ -21,32 +20,0 @@ The following examples show policies that apply to cases where someone else is s -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": { - "Sid": "ConfusedDeputyPreventionExamplePolicy", - "Effect": "Allow", - "Principal": { - "Service": "profile.amazonaws.com" - }, - "Action": ["kms:GenerateDataKey", "kms:CreateGrant", "kms:Decrypt"], - "Resource": [ - "arn:aws:kms:your region-name:your AWS account ID:key/your key ARN" - ], - "Condition": { - "ArnEquals": { - "aws:SourceArn": "arn:aws:profile:your region name:your AWS account ID:domains/your domain name" - }, - "StringEquals": { - "aws:SourceAccount": "your AWS account ID" - } - } - } - } - - -