AWS AWSEC2 documentation change
Summary
Removed JSON example IAM policy for EC2 Instance Connect Endpoint permissions
Security assessment
Removal of an example policy for Instance Connect endpoints impacts documentation completeness but doesn't indicate a security vulnerability or weakness in the service itself.
Diff
diff --git a/AWSEC2/latest/UserGuide/permissions-for-ec2-instance-connect-endpoint.md b/AWSEC2/latest/UserGuide/permissions-for-ec2-instance-connect-endpoint.md index 37429c4eb..b79c36a8a 100644 --- a//AWSEC2/latest/UserGuide/permissions-for-ec2-instance-connect-endpoint.md +++ b//AWSEC2/latest/UserGuide/permissions-for-ec2-instance-connect-endpoint.md @@ -58,58 +57,0 @@ In the following example IAM policy, the `Resource` section grants permission to -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [{ - "Sid": "GrantAllActionsInAllSubnets", - "Action": [ - "ec2:CreateInstanceConnectEndpoint", - "ec2:DeleteInstanceConnectEndpoint", - "ec2:CreateNetworkInterface", - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:us-east-1:111122223333:subnet/*", - "arn:aws:ec2:us-east-1:111122223333:security-group/*", - "arn:aws:ec2:us-east-1:111122223333:network-interface/*", - "arn:aws:ec2:us-east-1:111122223333:instance-connect-endpoint/*" - ] - }, - { - "Sid": "GrantModifyOnAllResources", - "Action": [ - "ec2:ModifyInstanceConnectEndpoint", - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:us-east-1:111122223333:security-group/*", - "arn:aws:ec2:us-east-1:111122223333:network-interface/*", - "arn:aws:ec2:us-east-1:111122223333:instance-connect-endpoint/*" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::111122223333:role/aws-service-role/ec2-instance-connect.amazonaws.com/AWSServiceRoleForEc2InstanceConnect" - ] - }, - { - "Sid": "Describe", - "Action": [ - "ec2:DescribeInstanceConnectEndpoints" - ], - "Effect": "Allow", - "Resource": "*" - } - ] - } - -