AWS elasticbeanstalk high security documentation change
Summary
Modified IAM policy example to restructure iam:PassRole permissions with explicit resource ARN
Security assessment
The change enforces the principle of least privilege by scoping iam:PassRole to a specific role ARN, reducing the risk of privilege escalation via overly broad permissions.
Diff
diff --git a/elasticbeanstalk/latest/dg/AWSHowTo.iam.example.resource.md b/elasticbeanstalk/latest/dg/AWSHowTo.iam.example.resource.md index e9960490b..28169009e 100644 --- a//elasticbeanstalk/latest/dg/AWSHowTo.iam.example.resource.md +++ b//elasticbeanstalk/latest/dg/AWSHowTo.iam.example.resource.md @@ -66 +65,0 @@ JSON - "iam:PassRole", @@ -79,0 +79,7 @@ JSON + }, + { + "Effect": "Allow", + "Action": [ + "iam:PassRole" + ], + "Resource": "arn:aws:iam::111122223333:role/MyRole"