AWS opsworks documentation change
Summary
Removed JSON examples of IAM policies granting S3 and OpsWorks permissions
Security assessment
The change removes example IAM policies but does not address a specific security vulnerability. This appears to be documentation cleanup rather than a security fix.
Diff
diff --git a/opsworks/latest/userguide/opsworks-security-appsrole.md b/opsworks/latest/userguide/opsworks-security-appsrole.md index 57a9085fd..059468cd8 100644 --- a//opsworks/latest/userguide/opsworks-security-appsrole.md +++ b//opsworks/latest/userguide/opsworks-security-appsrole.md @@ -95,18 +94,0 @@ When you create your instance profile, you can attach an appropriate policy to t -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ { - "Effect": "Allow", - "Action": "s3:*", - "Resource": "arn:aws:s3:region::amzn-s3-demo-bucket/*" - } - ] - } - - @@ -119,29 +100,0 @@ The following is an example of an IAM policy that allows you to call any OpsWork -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:*", - "s3:*", - "opsworks:*", - "iam:PassRole" - ], - "Resource": "arn:aws:ec2:region:account_id:instance/*", - "Condition": { - "StringEquals": { - "iam:PassedToService": "opsworks.amazonaws.com" - } - } - } - ] - } - -