AWS managedservices medium security documentation change
Summary
Removed example JSON policy for cross-account backup permissions
Security assessment
Removing an example policy with overly broad permissions (e.g., 'Resource: *') prevents users from applying insecure configurations, addressing potential privilege escalation risks.
Diff
diff --git a/managedservices/latest/appguide/qs-backup-cross-account-snapshot.md b/managedservices/latest/appguide/qs-backup-cross-account-snapshot.md index 8c09397ff..7a1e28c52 100644 --- a//managedservices/latest/appguide/qs-backup-cross-account-snapshot.md +++ b//managedservices/latest/appguide/qs-backup-cross-account-snapshot.md @@ -46,22 +45,0 @@ Ensure that both the source and destination accounts are in the same Region. If -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowSrcAccountPermissionsToCopy", - "Effect": "Allow", - "Action": "backup:CopyIntoBackupVault", - "Resource": "*", - "Principal": { - "AWS": "arn:aws:iam::<source/prodAccount>:root" - } - } - ] - } - -