AWS datazone medium security documentation change
Summary
Removed 'sso:GetProfiles' permission from IAM policy example
Security assessment
Removing unnecessary IAM permissions (sso:GetProfiles) reduces attack surface by adhering to the principle of least privilege. This directly addresses potential over-permission security risks.
Diff
diff --git a/datazone/latest/userguide/create-iam-roles.md b/datazone/latest/userguide/create-iam-roles.md index 6a49aa84b..dbfff8402 100644 --- a//datazone/latest/userguide/create-iam-roles.md +++ b//datazone/latest/userguide/create-iam-roles.md @@ -267 +266,0 @@ JSON - "sso:GetProfiles",