AWS quicksight documentation change
Summary
Removed two JSON policy examples including AllowedEmbeddingDomains and user registration permissions
Security assessment
Deleted examples showed domain restrictions and user registration controls. Removal impacts documentation quality but doesn't address vulnerabilities.
Diff
diff --git a/quicksight/latest/user/embedded-analytics-q-search-bar-for-authenticated-users.md b/quicksight/latest/user/embedded-analytics-q-search-bar-for-authenticated-users.md index ef9eda26c..52aa92ec9 100644 --- a//quicksight/latest/user/embedded-analytics-q-search-bar-for-authenticated-users.md +++ b//quicksight/latest/user/embedded-analytics-q-search-bar-for-authenticated-users.md @@ -52,29 +51,0 @@ The following sample policy provides these permissions. -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "quicksight:GenerateEmbedUrlForRegisteredUser" - ], - "Resource": "arn:aws:quicksight:region:accountId:user/namespace/userName", - "Condition": { - "ForAllValues:StringEquals": { - "quicksight:AllowedEmbeddingDomains": [ - "https://my.static.domain1.com", - "https://*.my.static.domain2.com" - ] - } - } - } - ] - } - - @@ -85,36 +55,0 @@ The following sample policy provides permission to retrieve an embedding URL for -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "quicksight:RegisterUser", - "Resource": "*", - "Effect": "Allow" - }, - { - "Effect": "Allow", - "Action": [ - "quicksight:GenerateEmbedUrlForRegisteredUser" - ], - "Resource": [ - "arn:aws:quicksight:region:accountId:user/namespace/userName" - ], - "Condition": { - "ForAllValues:StringEquals": { - "quicksight:AllowedEmbeddingDomains": [ - "https://my.static.domain1.com", - "https://*.my.static.domain2.com" - ] - } - } - } - ] - } - -