AWS Security ChangesHomeSearch

AWS drs documentation change

Service: drs · 2025-08-28 · Documentation low

File: drs/latest/userguide/adding-trusted-account.md

Summary

Removed three JSON trust policy examples for DRS cross-account roles

Security assessment

The deleted content showed example trust policies for disaster recovery service roles. While trust policies are security-relevant, their removal does not indicate a specific security vulnerability being addressed. This appears to be documentation simplification rather than security remediation.

Diff

diff --git a/drs/latest/userguide/adding-trusted-account.md b/drs/latest/userguide/adding-trusted-account.md
index eea937ee1..7665b6c09 100644
--- a//drs/latest/userguide/adding-trusted-account.md
+++ b//drs/latest/userguide/adding-trusted-account.md
@@ -124,45 +123,0 @@ The **DRSCrossAccountReplicationRole** contains the following trust policy. If y
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-        {
-        "Effect": "Allow",
-        "Principal": {
-        "Service": "drs.amazonaws.com"
-        },
-        "Action": "sts:AssumeRole",
-        "Condition": {
-        "StringLike": {
-        "aws:SourceAccount": "account-id"
-        },
-        "ArnLike": {
-        "aws:SourceArn": "arn:aws:drs:*:account-id:recovery-instance/*"
-        }
-        }
-        },
-        {
-        "Effect": "Allow",
-        "Principal": {
-        "Service": "drs.amazonaws.com"
-        },
-        "Action": "sts:AssumeRole",
-        "Condition": {
-        "StringLike": {
-        "aws:SourceAccount": "account-id"
-        },
-        "ArnLike": {
-        "aws:SourceArn": "arn:aws:drs:*:account-id:source-server/*"
-        }
-        }
-        }
-        ]
-        }
-    
-    
-
@@ -175,44 +129,0 @@ The **DRSCrossAccountAgentRole** contains the following trust policy. If you pla
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Principal": {
-                    "AWS": "arn:aws:iam::111122223333:root"
-                },
-                "Action": [
-                    "sts:AssumeRole",
-                    "sts:TagSession"
-                ],
-                "Condition": {
-                    "ArnEquals": {
-                        "aws:PrincipalArn": "arn:aws:iam::111122223333:role/service-role/DRSCrossAccountAgentAuthorizedRole_sourceAccount"
-                    }
-                }
-            },
-            {
-                "Effect": "Allow",
-                "Principal": {
-                    "AWS": "arn:aws:iam::111122223333:root"
-                },
-                "Action": "sts:SetSourceIdentity",
-                "Condition": {
-                    "StringLike": {
-                        "sts:SourceIdentity": "i-*"
-                    },
-                    "ArnEquals": {
-                        "aws:PrincipalArn": "arn:aws:iam::111122223333:role/service-role/DRSCrossAccountAgentAuthorizedRole_sourceAccount"
-                    }
-                }
-            }
-        ]
-    }
-    
-
@@ -225,32 +135,0 @@ The **DRSCrossAccountAgentAuthorizedRole** contains the following trust policy.
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Principal": {
-                    "AWS": "arn:aws:iam::111122223333:root"
-                },
-                "Action": [
-                    "sts:AssumeRole",
-                    "sts:TagSession"
-                ],
-                "Condition": {
-                    "StringLike": {
-                        "aws:RequestTag/SourceInstanceARN": "${ec2:SourceInstanceARN}"
-                    },
-                    "ForAnyValue:StringEquals": {
-                        "sts:TransitiveTagKeys": "SourceInstanceARN"
-                    }
-                }
-            }
-        ]
-    }
-    
-