AWS Security ChangesHomeSearch

AWS managedservices documentation change

Service: managedservices · 2025-08-28 · Documentation medium

File: managedservices/latest/userguide/scp-library-compliance.md

Summary

Removed JSON policy examples for restricting AMSCM actions and blocking malicious IP addresses

Security assessment

Deletion of policy examples reduces guidance on security best practices but doesn't indicate a resolved vulnerability. The removal might impact users' ability to implement security controls but isn't itself a security fix.

Diff

diff --git a/managedservices/latest/userguide/scp-library-compliance.md b/managedservices/latest/userguide/scp-library-compliance.md
index 735b34143..f13a686d1 100644
--- a//managedservices/latest/userguide/scp-library-compliance.md
+++ b//managedservices/latest/userguide/scp-library-compliance.md
@@ -68,49 +67,0 @@ For example, you might want the default `AWSManagedServicesChangeManagement Role
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Condition": {
-                    "ArnLike": {
-                        "aws:PrincipalARN": [
-                            "arn:aws:iam::*:role/AWSManagedServicesChangeManagement Role",
-                            "arn:aws:iam::*:role/AWSManagedServicesAdminRole"
-                        ]
-                    }
-                },
-                "Action": [
-                    "amscm:ApproveRfc",
-                    "amscm:CancelRfc",
-                    "amscm:CreateRfc",
-                    "amscm:CreateRfcAttachment",
-                    "amscm:CreateRfcCorrespondence",
-                    "amscm:GetRfcAttachment",
-                    "amscm:ListRfcAttachmentSummaries",
-                    "amscm:ListRfcCorrespondences",
-                    "amscm:RejectRfc",
-                    "amscm:SubmitRfc",
-                    "amscm:UpdateRestrictedExecutionTimes",
-                    "amscm:UpdateRfc"
-                ],
-                "Resource": [
-                    "arn:aws:amscm:global:*:changetype/ct-1j3503fres5a5:*",
-                    "arn:aws:amscm:global:*:changetype/ct-2paw0y79kvr3l:*",
-                    "arn:aws:amscm:global:*:changetype/ct-2ha68tpd7nr3y:*",
-                    "arn:aws:amscm:global:*:changetype/ct-2wlfo2jxj2rkj:*",
-                    "arn:aws:amscm:global:*:changetype/ct-3hox8uwjgze1f:*",
-                    "arn:aws:amscm:global:*:changetype/ct-01zl37gmuk4q2:*",
-                    "arn:aws:amscm:global:*:changetype/ct-379uwo67vbvng:*"
-                ],
-                "Effect": "Deny",
-                "Sid": "RestrictAppAccountRFCs"
-            }
-        ]
-    }
-    
-
@@ -172,33 +122,0 @@ Prevent AWS Console and API access for requests coming from known bad IP address
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Condition": {
-                    "IpAddressIfExists": {
-                        "aws:SourceIp": [
-                            "<ip address 1>",
-                            "<ip address 2>",
-                            "<ip address n>"
-                        ]
-                    }
-                },
-                "Action": [
-                    "*"
-                ],
-                "Resource": [
-                    "*"
-                ],
-                "Effect": "Deny",
-                "Sid": "IPDeny"
-            }
-        ]
-    }
-    
-