AWS managedservices documentation change
Summary
Removed JSON policy examples for restricting AMSCM actions and blocking malicious IP addresses
Security assessment
Deletion of policy examples reduces guidance on security best practices but doesn't indicate a resolved vulnerability. The removal might impact users' ability to implement security controls but isn't itself a security fix.
Diff
diff --git a/managedservices/latest/userguide/scp-library-compliance.md b/managedservices/latest/userguide/scp-library-compliance.md index 735b34143..f13a686d1 100644 --- a//managedservices/latest/userguide/scp-library-compliance.md +++ b//managedservices/latest/userguide/scp-library-compliance.md @@ -68,49 +67,0 @@ For example, you might want the default `AWSManagedServicesChangeManagement Role -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Condition": { - "ArnLike": { - "aws:PrincipalARN": [ - "arn:aws:iam::*:role/AWSManagedServicesChangeManagement Role", - "arn:aws:iam::*:role/AWSManagedServicesAdminRole" - ] - } - }, - "Action": [ - "amscm:ApproveRfc", - "amscm:CancelRfc", - "amscm:CreateRfc", - "amscm:CreateRfcAttachment", - "amscm:CreateRfcCorrespondence", - "amscm:GetRfcAttachment", - "amscm:ListRfcAttachmentSummaries", - "amscm:ListRfcCorrespondences", - "amscm:RejectRfc", - "amscm:SubmitRfc", - "amscm:UpdateRestrictedExecutionTimes", - "amscm:UpdateRfc" - ], - "Resource": [ - "arn:aws:amscm:global:*:changetype/ct-1j3503fres5a5:*", - "arn:aws:amscm:global:*:changetype/ct-2paw0y79kvr3l:*", - "arn:aws:amscm:global:*:changetype/ct-2ha68tpd7nr3y:*", - "arn:aws:amscm:global:*:changetype/ct-2wlfo2jxj2rkj:*", - "arn:aws:amscm:global:*:changetype/ct-3hox8uwjgze1f:*", - "arn:aws:amscm:global:*:changetype/ct-01zl37gmuk4q2:*", - "arn:aws:amscm:global:*:changetype/ct-379uwo67vbvng:*" - ], - "Effect": "Deny", - "Sid": "RestrictAppAccountRFCs" - } - ] - } - - @@ -172,33 +122,0 @@ Prevent AWS Console and API access for requests coming from known bad IP address -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Condition": { - "IpAddressIfExists": { - "aws:SourceIp": [ - "<ip address 1>", - "<ip address 2>", - "<ip address n>" - ] - } - }, - "Action": [ - "*" - ], - "Resource": [ - "*" - ], - "Effect": "Deny", - "Sid": "IPDeny" - } - ] - } - -