AWS quicksight documentation change
Summary
Removed JSON policy example for anonymous embedding with AllowedEmbeddingDomains
Security assessment
Deleted policy demonstrated domain whitelisting for anonymous access. Removal doesn't fix vulnerabilities but reduces security configuration guidance.
Diff
diff --git a/quicksight/latest/user/embedded-analytics-visuals-for-everyone.md b/quicksight/latest/user/embedded-analytics-visuals-for-everyone.md index 5fe531433..0cd4db69b 100644 --- a//quicksight/latest/user/embedded-analytics-visuals-for-everyone.md +++ b//quicksight/latest/user/embedded-analytics-visuals-for-everyone.md @@ -46,33 +45,0 @@ The following sample policy provides these permissions for use with `GenerateEmb -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "quicksight:GenerateEmbedUrlForAnonymousUser" - ], - "Resource": [ - "arn:aws:quicksight:{{region}}:{{accountId}}:namespace/{{namespace}}", - "arn:aws:quicksight:{{region}}:{{accountId}}:dashboard/{{dashboardId-1}}", - "arn:aws:quicksight:{{region}}:{{accountId}}:dashboard/{{dashboardId-2}}" - ], - "Condition": { - "ForAllValues:StringEquals": { - "quicksight:AllowedEmbeddingDomains": [ - "https://my.static.domain1.com", - "https://*.my.static.domain2.com" - ] - } - } - } - ] - } - -