AWS Security ChangesHomeSearch

AWS redshift documentation change

Service: redshift · 2025-08-28 · Documentation low

File: redshift/latest/mgmt/redshift-iam-access-control-identity-based.md

Summary

Removed multiple JSON policy examples including SageMaker/Bedrock integrations, region restrictions, and tagging permissions

Security assessment

The deletions appear to be documentation cleanup of policy examples rather than changes addressing security issues or adding security features.

Diff

diff --git a/redshift/latest/mgmt/redshift-iam-access-control-identity-based.md b/redshift/latest/mgmt/redshift-iam-access-control-identity-based.md
index 48f48857f..eb93710e8 100644
--- a//redshift/latest/mgmt/redshift-iam-access-control-identity-based.md
+++ b//redshift/latest/mgmt/redshift-iam-access-control-identity-based.md
@@ -978,29 +977,0 @@ To work with model explanation, make sure that you have the permissions to call
-JSON
-    
-
-****
-    
-    
-    
-    {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Effect": "Allow",
-          "Action": [
-            "sagemaker::CreateEndpoint",
-            "sagemaker::CreateEndpointConfig",
-            "sagemaker::DeleteEndpoint",
-            "sagemaker::DeleteEndpointConfig",
-            "sagemaker::DescribeEndpoint",
-            "sagemaker::DescribeEndpointConfig",
-            "sagemaker::DescribeModel",
-            "sagemaker::InvokeEndpoint",
-            "sagemaker::ListTags"
-          ],
-          "Resource": "*"
-        }
-      ]
-    }
-    
-
@@ -1049,22 +1019,0 @@ If you want to create Amazon Bedrock models, we recommend that you use the `Amaz
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": "bedrock:InvokeModel",
-                "Resource": [
-                    "*",
-                    "arn:aws:bedrock:>region<::foundation-model/*"
-                ]
-            }
-        ]
-    }
-    
-
@@ -1207,30 +1155,0 @@ By default, all permissions are denied. However, sometimes you need to explicitl
-JSON
-    
-
-****
-    
-    
-    
-    {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Sid":"AllowUSWest2Region",
-          "Action": [
-            "redshift:*"
-          ],
-          "Effect": "Allow",
-          "Resource": "arn:aws:redshift:us-west-2:*"
-        },
-       {
-         "Sid":"DenyDeleteUSWest2Region",
-         "Action": [
-            "redshift:Delete*"
-          ],
-          "Effect": "Deny",
-          "Resource": "arn:aws:redshift:us-west-2:*"
-       }
-      ]
-    }
-    
-
@@ -1474,26 +1392,0 @@ The following example policy allows a user to tag resources with the Amazon Reds
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid":"Tagging permissions",
-                "Effect": "Allow",
-                "Action": [
-                    "redshift:DeleteTags",
-                    "redshift:CreateTags",
-                    "redshift:DescribeTags",
-                    "tag:UntagResources",
-                    "tag:TagResources"
-                ],
-                "Resource": "*"
-            }
-        ]
-    }
-    
-