AWS quicksight documentation change
Summary
Removed JSON policy example for SAML-based JIT provisioning with Okta
Security assessment
Policy removal eliminates an example of secure role assumption and tagging configuration, but no evidence of addressing a vulnerability. Security documentation reduced rather than added.
Diff
diff --git a/quicksight/latest/user/jit-email-syncing.md b/quicksight/latest/user/jit-email-syncing.md index 87365815e..8e3fe84e8 100644 --- a//quicksight/latest/user/jit-email-syncing.md +++ b//quicksight/latest/user/jit-email-syncing.md @@ -37,40 +36,0 @@ The following example illustrates an updated IAM role where the IdP is Okta. To -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::111122223333:saml-provider/Okta" - }, - "Action": "sts:AssumeRoleWithSAML", - "Resource": "*", - "Condition": { - "StringEquals": { - "SAML:aud": "https://signin.aws.amazon.com/saml" - } - } - }, - { - "Effect": "Allow", - "Principal": { - "Federated": "arn:aws:iam::111122223333:saml-provider/Okta" - }, - "Action": "sts:TagSession", - "Resource": "*", - "Condition": { - "StringLike": { - "aws:RequestTag/Email": "*" - } - } - } - ] - } - -