AWS Security ChangesHomeSearch

AWS managedservices medium security documentation change

Service: managedservices · 2025-08-28 · Security-related medium

File: managedservices/latest/appguide/qs-backup-cross-account-snapshot.md

Summary

Removed example JSON policy for cross-account backup permissions

Security assessment

Removing an example policy with overly broad permissions (e.g., 'Resource: *') prevents users from applying insecure configurations, addressing potential privilege escalation risks.

Diff

diff --git a/managedservices/latest/appguide/qs-backup-cross-account-snapshot.md b/managedservices/latest/appguide/qs-backup-cross-account-snapshot.md
index 8c09397ff..7a1e28c52 100644
--- a//managedservices/latest/appguide/qs-backup-cross-account-snapshot.md
+++ b//managedservices/latest/appguide/qs-backup-cross-account-snapshot.md
@@ -46,22 +45,0 @@ Ensure that both the source and destination accounts are in the same Region. If
-JSON
-    
-
-****
-    
-    
-        {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid": "AllowSrcAccountPermissionsToCopy",
-                "Effect": "Allow",
-                "Action": "backup:CopyIntoBackupVault",
-                "Resource": "*",
-                "Principal": {
-                    "AWS": "arn:aws:iam::<source/prodAccount>:root"
-                }
-            }
-        ]
-    }
-    
-