AWS apprunner documentation change
Summary
Removed JSON policy examples for Secrets Manager and SSM parameter access permissions from instance role documentation
Security assessment
The removed content was example IAM policies for accessing secrets/parameters. While these relate to security configurations, the removal itself doesn't indicate a security vulnerability fix. However, it might impact users' ability to properly configure required permissions if they relied on these examples.
Diff
diff --git a/apprunner/latest/dg/env-variable.md b/apprunner/latest/dg/env-variable.md index 6c9ae4ad5..a8f0c0110 100644 --- a//apprunner/latest/dg/env-variable.md +++ b//apprunner/latest/dg/env-variable.md @@ -96,25 +95,0 @@ Copy, the following template to your instance role to add permission to referenc -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "secretsmanager:GetSecretValue", - "kms:Decrypt*" - ], - "Resource": [ - "arn:aws:secretsmanager:<region>:<aws_account_id>:secret:<secret_name>", - "arn:aws:kms:<region>:<aws_account_id>:key/<key_id>" - ] - } - ] - } - - @@ -123,23 +97,0 @@ Copy the following template to your instance role to add permission to reference -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ssm:GetParameters" - ], - "Resource": [ - "arn:aws:ssm:<region>:<aws_account_id>:parameter/<parameter_name>" - ] - } - ] - } - -