AWS drs documentation change
Summary
Removed three JSON trust policy examples for DRS cross-account roles
Security assessment
The deleted content showed example trust policies for disaster recovery service roles. While trust policies are security-relevant, their removal does not indicate a specific security vulnerability being addressed. This appears to be documentation simplification rather than security remediation.
Diff
diff --git a/drs/latest/userguide/adding-trusted-account.md b/drs/latest/userguide/adding-trusted-account.md index eea937ee1..7665b6c09 100644 --- a//drs/latest/userguide/adding-trusted-account.md +++ b//drs/latest/userguide/adding-trusted-account.md @@ -124,45 +123,0 @@ The **DRSCrossAccountReplicationRole** contains the following trust policy. If y -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "drs.amazonaws.com" - }, - "Action": "sts:AssumeRole", - "Condition": { - "StringLike": { - "aws:SourceAccount": "account-id" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:drs:*:account-id:recovery-instance/*" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "Service": "drs.amazonaws.com" - }, - "Action": "sts:AssumeRole", - "Condition": { - "StringLike": { - "aws:SourceAccount": "account-id" - }, - "ArnLike": { - "aws:SourceArn": "arn:aws:drs:*:account-id:source-server/*" - } - } - } - ] - } - - - @@ -175,44 +129,0 @@ The **DRSCrossAccountAgentRole** contains the following trust policy. If you pla -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::111122223333:root" - }, - "Action": [ - "sts:AssumeRole", - "sts:TagSession" - ], - "Condition": { - "ArnEquals": { - "aws:PrincipalArn": "arn:aws:iam::111122223333:role/service-role/DRSCrossAccountAgentAuthorizedRole_sourceAccount" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::111122223333:root" - }, - "Action": "sts:SetSourceIdentity", - "Condition": { - "StringLike": { - "sts:SourceIdentity": "i-*" - }, - "ArnEquals": { - "aws:PrincipalArn": "arn:aws:iam::111122223333:role/service-role/DRSCrossAccountAgentAuthorizedRole_sourceAccount" - } - } - } - ] - } - - @@ -225,32 +135,0 @@ The **DRSCrossAccountAgentAuthorizedRole** contains the following trust policy. -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::111122223333:root" - }, - "Action": [ - "sts:AssumeRole", - "sts:TagSession" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/SourceInstanceARN": "${ec2:SourceInstanceARN}" - }, - "ForAnyValue:StringEquals": { - "sts:TransitiveTagKeys": "SourceInstanceARN" - } - } - } - ] - } - -