AWS govcloud-us documentation change
Summary
Removed SCP policy example restricting root user access key management
Security assessment
While the removed SCP was security-related documentation, its deletion doesn't indicate a security issue fix - it simply removes an example of security best practices.
Diff
diff --git a/govcloud-us/latest/UserGuide/govcloud-account-root-user.md b/govcloud-us/latest/UserGuide/govcloud-account-root-user.md index f7724b979..37582ee3b 100644 --- a//govcloud-us/latest/UserGuide/govcloud-account-root-user.md +++ b//govcloud-us/latest/UserGuide/govcloud-account-root-user.md @@ -150,51 +149,0 @@ This SCP will not affect the AWS GovCloud (US) Organizations Management account -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [{ - "Sid": "AccessKeyManagementOnly", - "Effect": "Deny", - "NotAction": [ - "iam:DeleteAccessKey", - "iam:CreateAccessKey", - "iam:ListAccessKeys" - ], - "Resource": [ - "*" - ], - "Condition": { - "StringLike": { - "aws:PrincipalArn": [ - "arn:aws-us-gov:iam::*:root" - ] - } - } - }, - { - "Sid": "RootUserAccessKeyManagementOnly", - "Effect": "Deny", - "Action": [ - "iam:DeleteAccessKey", - "iam:CreateAccessKey", - "iam:ListAccessKeys" - ], - "Resource": [ - "arn:aws-us-gov:iam::*:user/*" - ], - "Condition": { - "StringLike": { - "aws:PrincipalArn": [ - "arn:aws-us-gov:iam::*:root" - ] - } - } - } - ] - } - -