AWS quicksight documentation change
Summary
Removed two sample IAM policies for dashboard embedding permissions
Security assessment
While IAM policies are security-related, removing examples without explanation does not directly indicate a security vulnerability. This seems to be documentation simplification rather than addressing a specific security issue.
Diff
diff --git a/quicksight/latest/user/embedded-analytics-dashboards-for-authenticated-users.md b/quicksight/latest/user/embedded-analytics-dashboards-for-authenticated-users.md index b36df4394..fd487ec56 100644 --- a//quicksight/latest/user/embedded-analytics-dashboards-for-authenticated-users.md +++ b//quicksight/latest/user/embedded-analytics-dashboards-for-authenticated-users.md @@ -46,29 +45,0 @@ The following sample policy provides these permissions. -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "quicksight:GenerateEmbedUrlForRegisteredUser" - ], - "Resource": "arn:aws:quicksight:region:accountId:user/namespace/userName", - "Condition": { - "ForAllValues:StringEquals": { - "quicksight:AllowedEmbeddingDomains": [ - "https://my.static.domain1.com", - "https://*.my.static.domain2.com" - ] - } - } - } - ] - } - - @@ -79,38 +49,0 @@ The following sample policy provides permission to retrieve an embedding URL for -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "quicksight:RegisterUser", - "Resource": "*", - "Effect": "Allow" - }, - { - "Effect": "Allow", - "Action": [ - "quicksight:GenerateEmbedUrlForRegisteredUser" - ], - "Resource": [ - "arn:aws:quicksight:*:{{accountId}}:namespace/{{namespace}}", - "arn:aws:quicksight:*:{{accountId}}:dashboard/{{dashboardId-1}}", - "arn:aws:quicksight:*:{{accountId}}:dashboard/{{dashboardId-2}}" - ], - "Condition": { - "ForAllValues:StringEquals": { - "quicksight:AllowedEmbeddingDomains": [ - "https://my.static.domain1.com", - "https://*.my.static.domain2.com" - ] - } - } - } - ] - } - -