AWS iot-device-defender medium security documentation change
Summary
Removed IAM policy example for ENABLE_IOT_LOGGING mitigation action
Security assessment
Removal of required IAM policy documentation for security logging configuration could lead to misconfigurations. The deleted policy showed necessary permissions (iot:SetV2LoggingOptions and iam:PassRole) for proper security logging setup, and its absence might result in insecure implementations.
Diff
diff --git a/iot-device-defender/latest/devguide/dd-mitigation-actions.md b/iot-device-defender/latest/devguide/dd-mitigation-actions.md index 1b20d7f23..f4838f525 100644 --- a//iot-device-defender/latest/devguide/dd-mitigation-actions.md +++ b//iot-device-defender/latest/devguide/dd-mitigation-actions.md @@ -490,33 +489,0 @@ ENABLE_IOT_LOGGING | - -JSON - - -**** - - - - { - "Version":"2012-10-17", - "Statement":[ - { - "Effect":"Allow", - "Action":[ - "iot:SetV2LoggingOptions" - ], - "Resource":[ - "*" - ] - }, - { - "Effect":"Allow", - "Action":[ - "iam:PassRole" - ], - "Resource":[ - "<IAM role ARN used for setting up logging>" - ] - } - ] - } - -