AWS Security ChangesHomeSearch

AWS incident-manager high security documentation change

Service: incident-manager · 2025-08-25 · Security-related high

File: incident-manager/latest/userguide/security_iam_resource-based-policy-examples.md

Summary

Fixed Principal field syntax and added JSON formatting

Security assessment

Corrects quote syntax in Principal field ('*' instead of “*”) which could cause policy parsing failures leading to unintended access. Fixes a potential misconfiguration vulnerability.

Diff

diff --git a/incident-manager/latest/userguide/security_iam_resource-based-policy-examples.md b/incident-manager/latest/userguide/security_iam_resource-based-policy-examples.md
index dd93ab90f..933ac91de 100644
--- a//incident-manager/latest/userguide/security_iam_resource-based-policy-examples.md
+++ b//incident-manager/latest/userguide/security_iam_resource-based-policy-examples.md
@@ -20,0 +21,6 @@ The `Condition` block uses the `StringEquals` conditions and the `aws:PrincipalO
+JSON
+    
+
+****
+    
+    
@@ -28 +34 @@ The `Condition` block uses the `StringEquals` conditions and the `aws:PrincipalO
-          "Principal": “*”,
+                "Principal": "*",
@@ -30 +36,3 @@ The `Condition` block uses the `StringEquals` conditions and the `aws:PrincipalO
-             "StringEquals": {"aws:PrincipalOrgID":"o-abc123def45"}
+                    "StringEquals": {
+                        "aws:PrincipalOrgID": "o-abc123def45"
+                    }
@@ -55,0 +65,6 @@ The following example grants permission to the principal with the ARN `arn:aws:i
+JSON
+    
+
+****
+    
+    
@@ -73 +88 @@ The following example grants permission to the principal with the ARN `arn:aws:i
-                    "arn:aws:ssm-contacts:*:111122223333:contact/mycontact"
+                    "arn:aws:ssm-contacts:*:111122223333:contact/mycontact",