AWS incident-manager high security documentation change
Summary
Fixed Principal field syntax and added JSON formatting
Security assessment
Corrects quote syntax in Principal field ('*' instead of “*”) which could cause policy parsing failures leading to unintended access. Fixes a potential misconfiguration vulnerability.
Diff
diff --git a/incident-manager/latest/userguide/security_iam_resource-based-policy-examples.md b/incident-manager/latest/userguide/security_iam_resource-based-policy-examples.md index dd93ab90f..933ac91de 100644 --- a//incident-manager/latest/userguide/security_iam_resource-based-policy-examples.md +++ b//incident-manager/latest/userguide/security_iam_resource-based-policy-examples.md @@ -20,0 +21,6 @@ The `Condition` block uses the `StringEquals` conditions and the `aws:PrincipalO +JSON + + +**** + + @@ -28 +34 @@ The `Condition` block uses the `StringEquals` conditions and the `aws:PrincipalO - "Principal": “*”, + "Principal": "*", @@ -30 +36,3 @@ The `Condition` block uses the `StringEquals` conditions and the `aws:PrincipalO - "StringEquals": {"aws:PrincipalOrgID":"o-abc123def45"} + "StringEquals": { + "aws:PrincipalOrgID": "o-abc123def45" + } @@ -55,0 +65,6 @@ The following example grants permission to the principal with the ARN `arn:aws:i +JSON + + +**** + + @@ -73 +88 @@ The following example grants permission to the principal with the ARN `arn:aws:i - "arn:aws:ssm-contacts:*:111122223333:contact/mycontact" + "arn:aws:ssm-contacts:*:111122223333:contact/mycontact",