AWS waf documentation change
Summary
Updated IAM policy examples to use consistent terminology 'protection pack (web ACL)' instead of 'protection pack or web ACL'
Security assessment
Changes focus on documentation consistency rather than security fixes. No indication of addressing vulnerabilities or expanding security features - updates maintain existing security guidance accuracy.
Diff
diff --git a/waf/latest/developerguide/security_iam_id-based-policy-examples.md b/waf/latest/developerguide/security_iam_id-based-policy-examples.md index 0b545dab7..4435a332a 100644 --- a//waf/latest/developerguide/security_iam_id-based-policy-examples.md +++ b//waf/latest/developerguide/security_iam_id-based-policy-examples.md @@ -5 +5 @@ -Policy best practicesUsing the consoleAllow users to view their own permissionsGrant read-only access to AWS WAF, CloudFront, and CloudWatchGrant full access to AWS WAF, CloudFront, and CloudWatchGrant access to a single AWS accountGrant access to a single protection pack or web ACLGrant CLI access to a protection pack or web ACL and rule group +Policy best practicesUsing the consoleAllow users to view their own permissionsGrant read-only access to AWS WAF, CloudFront, and CloudWatchGrant full access to AWS WAF, CloudFront, and CloudWatchGrant access to a single AWS accountGrant access to a single protection pack (web ACL)Grant CLI access to a protection pack (web ACL) and rule group @@ -35 +35 @@ For details about actions and resource types defined by AWS WAF, including the f - * Grant access to a single protection pack or web ACL + * Grant access to a single protection pack (web ACL) @@ -37 +37 @@ For details about actions and resource types defined by AWS WAF, including the f - * Grant CLI access to a protection pack or web ACL and rule group + * Grant CLI access to a protection pack (web ACL) and rule group @@ -109 +109 @@ This example shows how you might create a policy that allows IAM users to view t -The following policy grants users read-only access to AWS WAF resources, to Amazon CloudFront web distributions, and to Amazon CloudWatch metrics. It's useful for users who need permission to view the settings in AWS WAF conditions, rules, and protection pack or web ACLs to see which distribution is associated with a protection pack or web ACL, and to monitor metrics and a sample of requests in CloudWatch. These users can't create, update, or delete AWS WAF resources. +The following policy grants users read-only access to AWS WAF resources, to Amazon CloudFront web distributions, and to Amazon CloudWatch metrics. It's useful for users who need permission to view the settings in AWS WAF conditions, rules, and protection packs (web ACLs) to see which distribution is associated with a protection pack (web ACL), and to monitor metrics and a sample of requests in CloudWatch. These users can't create, update, or delete AWS WAF resources. @@ -194 +194 @@ This policy grants the following permissions to the account 444455556666: - * Read and update access to all CloudFront distributions, which allows you to associate protection pack or web ACLs and CloudFront distributions. + * Read and update access to all CloudFront distributions, which allows you to associate protection packs (web ACLs) and CloudFront distributions. @@ -241 +241 @@ JSON -## Grant access to a single protection pack or web ACL +## Grant access to a single protection pack (web ACL) @@ -243 +243 @@ JSON -The following policy lets users perform any AWS WAF operation through the console on a specific protection pack or web ACL in the account `444455556666`. +The following policy lets users perform any AWS WAF operation through the console on a specific protection pack (web ACL) in the account `444455556666`. @@ -279 +279 @@ JSON -## Grant CLI access to a protection pack or web ACL and rule group +## Grant CLI access to a protection pack (web ACL) and rule group @@ -281 +281 @@ JSON -The following policy lets users perform any AWS WAF operation through the CLI on a specific protection pack or web ACL and a specific rule group in the account `444455556666`. +The following policy lets users perform any AWS WAF operation through the CLI on a specific protection pack (web ACL) and a specific rule group in the account `444455556666`. @@ -307 +307 @@ JSON -The following policy lets users perform any AWS WAF operation through the console on a specific protection pack or web ACL in the account `444455556666`. +The following policy lets users perform any AWS WAF operation through the console on a specific protection pack (web ACL) in the account `444455556666`.