AWS AmazonECS documentation change
Summary
Updated SecretsManager ARN format and modified S3 permissions (GetObjectVersion/ListBucket)
Security assessment
Switching to ListBucket and GetObjectVersion aligns with least-privilege best practices, improving security documentation but not fixing a specific vulnerability.
Diff
diff --git a/AmazonECS/latest/developerguide/fargate-linux-gmsa.md b/AmazonECS/latest/developerguide/fargate-linux-gmsa.md index 9d6340b6c..e990863bc 100644 --- a//AmazonECS/latest/developerguide/fargate-linux-gmsa.md +++ b//AmazonECS/latest/developerguide/fargate-linux-gmsa.md @@ -99 +99 @@ JSON - "arn:aws:secretsmanager:arn:aws::111122223333:secret:MySecret" + "arn:aws:secretsmanager:us-east-1:111122223333:secret:MySecret" @@ -143,2 +143,2 @@ JSON - "s3:GetObject", - "s3:ListObjects" + "s3:GetObjectVersion", + "s3:ListBucket"