AWS quicksight documentation change
Summary
Removed JSON policy example for anonymous user embedding with AllowedEmbeddingDomains
Security assessment
Policy deletion removes example of domain whitelisting but doesn't indicate a security fix. Reduces guidance for secure anonymous access configuration.
Diff
diff --git a/quicksight/latest/user/embedded-analytics-q-search-bar-for-anonymous-users.md b/quicksight/latest/user/embedded-analytics-q-search-bar-for-anonymous-users.md index 235f751e0..47ef826b7 100644 --- a//quicksight/latest/user/embedded-analytics-q-search-bar-for-anonymous-users.md +++ b//quicksight/latest/user/embedded-analytics-q-search-bar-for-anonymous-users.md @@ -49,33 +48,0 @@ The following sample policy provides these permissions. -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "quicksight:GenerateEmbedUrlForAnonymousUser" - ], - "Resource": [ - "arn:aws:quicksight:{{region}}:{{accountId}}:namespace/{{namespace}}", - "arn:aws:quicksight:{{region}}:{{accountId}}:dashboard/{{dashboardId-1}}", - "arn:aws:quicksight:{{region}}:{{accountId}}:dashboard/{{dashboardId-2}}" - ], - "Condition": { - "ForAllValues:StringEquals": { - "quicksight:AllowedEmbeddingDomains": [ - "https://my.static.domain1.com", - "https://*.my.static.domain2.com" - ] - } - } - } - ] - } - -