AWS dms documentation change
Summary
Removed JSON example of comprehensive IAM policy granting DMS-related permissions across multiple services
Security assessment
The removed policy example showed granular permissions for DMS operations but did not specifically address security vulnerabilities. This appears to be a general documentation cleanup rather than a security-focused change.
Diff
diff --git a/dms/latest/userguide/security-iam.md b/dms/latest/userguide/security-iam.md index 8c5ba57bd..112961173 100644 --- a//dms/latest/userguide/security-iam.md +++ b//dms/latest/userguide/security-iam.md @@ -158,71 +157,0 @@ You can further restrict access to AWS DMS resources using tagging. For more inf -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "dms:*", - "Resource": "arn:aws:dms:region:account:resourcetype/id" - }, - { - "Effect": "Allow", - "Action": [ - "kms:ListAliases", - "kms:DescribeKey" - ], - "Resource": "arn:aws:service:region:account:resourcetype/id" - }, - { - "Effect": "Allow", - "Action": [ - "iam:GetRole", - "iam:PassRole", - "iam:CreateRole", - "iam:AttachRolePolicy" - ], - "Resource": "arn:aws:service:region:account:resourcetype/id" - }, - { - "Effect": "Allow", - "Action": [ - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface" - ], - "Resource": "arn:aws:service:region:account:resourcetype/id" - }, - { - "Effect": "Allow", - "Action": [ - "cloudwatch:Get*", - "cloudwatch:List*" - ], - "Resource": "arn:aws:service:region:account:resourcetype/id" - }, - { - "Effect": "Allow", - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:FilterLogEvents", - "logs:GetLogEvents" - ], - "Resource": "arn:aws:service:region:account:resourcetype/id" - } - ] - } - - - -