AWS quicksight documentation change
Summary
Removed JSON policy example for GenerateEmbedUrlForAnonymousUser with AllowedEmbeddingDomains condition
Security assessment
The removed policy demonstrated domain restriction via AllowedEmbeddingDomains, but its deletion does not indicate a security fix. This reduces documentation clarity for a security control but isn't evidence of addressing a vulnerability.
Diff
diff --git a/quicksight/latest/user/embedded-analytics-dashboards-for-everyone.md b/quicksight/latest/user/embedded-analytics-dashboards-for-everyone.md index 7853b6e1c..d2dcb2dd2 100644 --- a//quicksight/latest/user/embedded-analytics-dashboards-for-everyone.md +++ b//quicksight/latest/user/embedded-analytics-dashboards-for-everyone.md @@ -52,33 +51,0 @@ The following sample policy provides these permissions for use with `GenerateEmb -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "quicksight:GenerateEmbedUrlForAnonymousUser" - ], - "Resource": [ - "arn:aws:quicksight:{{region}}:{{accountId}}:namespace/{{namespace}}", - "arn:aws:quicksight:{{region}}:{{accountId}}:dashboard/{{dashboardId-1}}", - "arn:aws:quicksight:{{region}}:{{accountId}}:dashboard/{{dashboardId-2}}" - ], - "Condition": { - "ForAllValues:StringEquals": { - "quicksight:AllowedEmbeddingDomains": [ - "https://my.static.domain1.com", - "https://*.my.static.domain2.com" - ] - } - } - } - ] - } - -