AWS Security ChangesHomeSearch

AWS dms documentation change

Service: dms · 2025-08-28 · Documentation medium

File: dms/latest/userguide/security_iam_id-based-policy-examples.md

Summary

Removed two JSON policy examples - one comprehensive DMS policy and one tag-based conditional access policy

Security assessment

While the examples demonstrated permission management patterns, their removal doesn't directly indicate addressing a security vulnerability. The tag-based conditional policy showed access control patterns but wasn't explicitly security-focused.

Diff

diff --git a/dms/latest/userguide/security_iam_id-based-policy-examples.md b/dms/latest/userguide/security_iam_id-based-policy-examples.md
index 98a3d8a5e..fa938e8c4 100644
--- a//dms/latest/userguide/security_iam_id-based-policy-examples.md
+++ b//dms/latest/userguide/security_iam_id-based-policy-examples.md
@@ -51,71 +50,0 @@ The following policy gives you access to AWS DMS, including the AWS DMS console,
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": "dms:*",
-                "Resource": "arn:aws:dms:region:account:resourcetype/id"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "kms:ListAliases", 
-                    "kms:DescribeKey"
-                ],
-                "Resource": "arn:aws:service:region:account:resourcetype/id"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "iam:GetRole",
-                    "iam:PassRole",
-                    "iam:CreateRole",
-                    "iam:AttachRolePolicy"
-                ],
-                "Resource": "arn:aws:service:region:account:resourcetype/id"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "ec2:DescribeVpcs",
-                    "ec2:DescribeInternetGateways",
-                    "ec2:DescribeAvailabilityZones",
-                    "ec2:DescribeSubnets",
-                    "ec2:DescribeSecurityGroups",
-                    "ec2:ModifyNetworkInterfaceAttribute",
-                    "ec2:CreateNetworkInterface",
-                    "ec2:DeleteNetworkInterface"
-                ],
-                "Resource": "arn:aws:service:region:account:resourcetype/id"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "cloudwatch:Get*",
-                    "cloudwatch:List*"
-                ],
-                "Resource": "arn:aws:service:region:account:resourcetype/id"
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "logs:DescribeLogGroups",
-                    "logs:DescribeLogStreams",
-                    "logs:FilterLogEvents",
-                    "logs:GetLogEvents"
-                ],
-                "Resource": "arn:aws:service:region:account:resourcetype/id"
-            }
-        ]
-    } 
-      
-            
-    
-
@@ -286,22 +214,0 @@ You can use conditions in your identity-based policy to control access to AWS DM
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": ":*",
-                "Resource": "arn:aws::*:*:endpoint/*",
-                "Condition": {
-                    "StringEquals": {":endpoint-tag/Owner": "${aws:username}"}
-                }
-            }
-        ]
-    }
-    
-