AWS apprunner documentation change
Summary
Removed multiple JSON policy examples for IAM roles related to AppRunner service access and trust relationships
Security assessment
The changes remove policy examples but don't indicate any specific security vulnerability being addressed. This appears to be documentation cleanup rather than security remediation.
Diff
diff --git a/apprunner/latest/dg/security_iam_service-with-iam.md b/apprunner/latest/dg/security_iam_service-with-iam.md index 352de3d06..7fae116e7 100644 --- a//apprunner/latest/dg/security_iam_service-with-iam.md +++ b//apprunner/latest/dg/security_iam_service-with-iam.md @@ -141,61 +140,0 @@ For examples of user policies, see [User policies](./security_iam_id-based-polic -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - ":List*", - ":Describe*" - ], - "Resource": "*" - } - ] - } - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "iam:CreateServiceLinkedRole", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/apprunner.amazonaws.com/AWSServiceRoleForAppRunner", - "arn:aws:iam::*:role/aws-service-role/networking.apprunner.amazonaws.com/AWSServiceRoleForAppRunnerNetworking" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": [ - "apprunner.amazonaws.com", - "networking.apprunner.amazonaws.com" - ] - } - } - }, - { - "Effect": "Allow", - "Action": "iam:PassRole", - "Resource": "*", - "Condition": { - "StringLike": { - "iam:PassedToService": "apprunner.amazonaws.com" - } - } - }, - { - "Sid": "AppRunnerAdminAccess", - "Effect": "Allow", - "Action": "apprunner:*", - "Resource": "*" - } - ] - } - @@ -253,21 +191,0 @@ When you create your access role, be sure to add a trust policy that declares th -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "build..amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - } - - @@ -284,21 +201,0 @@ When you create your instance role, be sure to add a trust policy that declares -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "tasks..amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - } - -