AWS incident-manager documentation change
Summary
Added JSON formatting and specified concrete account ID in SSM ARNs
Security assessment
Provides clearer cross-account policy examples but doesn't fix security vulnerabilities. Improves documentation of secure cross-account patterns.
Diff
diff --git a/incident-manager/latest/userguide/runbooks.md b/incident-manager/latest/userguide/runbooks.md index 208570cbd..ebdd8aebc 100644 --- a//incident-manager/latest/userguide/runbooks.md +++ b//incident-manager/latest/userguide/runbooks.md @@ -72,0 +73,6 @@ The second statement allows the Runbook service role to assume a role in another +JSON + + +**** + + @@ -81,2 +87,2 @@ The second statement allows the Runbook service role to assume a role in another - "arn:aws:ssm:*:{{DocumentAccountId}}:automation-definition/{{DocumentName}}:*", - "arn:aws:ssm:*:{{DocumentAccountId}}:document/{{DocumentName}}:*", + "arn:aws:ssm:*:111122223333:automation-definition/{{DocumentName}}:*", + "arn:aws:ssm:*:111122223333:document/{{DocumentName}}:*",