AWS quicksight documentation change
Summary
Removed two JSON policy examples with AllowedEmbeddingDomains conditions and GenerateEmbedUrlForRegisteredUser permissions
Security assessment
Deleted policies demonstrated domain restrictions and user registration controls. Removal reduces documentation of security features but doesn't fix vulnerabilities.
Diff
diff --git a/quicksight/latest/user/embedded-analytics-full-console-for-authenticated-users.md b/quicksight/latest/user/embedded-analytics-full-console-for-authenticated-users.md index b4b7c68f7..429995df0 100644 --- a//quicksight/latest/user/embedded-analytics-full-console-for-authenticated-users.md +++ b//quicksight/latest/user/embedded-analytics-full-console-for-authenticated-users.md @@ -59,36 +58,0 @@ The following sample policy provides these permissions. -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "quicksight:RegisterUser", - "Resource": "*", - "Effect": "Allow" - }, - { - "Effect": "Allow", - "Action": [ - "quicksight:GenerateEmbedUrlForRegisteredUser" - ], - "Resource": [ - "arn:aws:quicksight:region:accountId:user/namespace/userName" - ], - "Condition": { - "ForAllValues:StringEquals": { - "quicksight:AllowedEmbeddingDomains": [ - "https://my.static.domain1.com", - "https://*.my.static.domain2.com" - ] - } - } - } - ] - } - - @@ -97,31 +60,0 @@ The following sample policy provides permission to retrieve a console session UR -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "quicksight:GenerateEmbedUrlForRegisteredUser" - ], - "Resource": [ - "arn:aws:quicksight:region:accountId:user/namespace/userName" - ], - "Condition": { - "ForAllValues:StringEquals": { - "quicksight:AllowedEmbeddingDomains": [ - "https://my.static.domain1.com", - "https://*.my.static.domain2.com" - ] - } - } - } - ] - } - -