AWS robomaker medium security documentation change
Summary
Removed multiple JSON IAM policy examples including permissions for RoboMaker, S3, logs, and ECR operations.
Security assessment
The removal of policies like `robomaker:DescribeWorld` with `Resource: *` and broad S3/ECR permissions reduces exposure to potential over-permissive policies. This addresses security through improved least-privilege guidance.
Diff
diff --git a/robomaker/latest/dg/auth-and-access-control.md b/robomaker/latest/dg/auth-and-access-control.md index afee15d75..1169055b5 100644 --- a//robomaker/latest/dg/auth-and-access-control.md +++ b//robomaker/latest/dg/auth-and-access-control.md @@ -98,22 +97,0 @@ You can grant permissions required to view AWS RoboMaker worlds in the AWS RoboM -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "robomaker: DescribeWorld" - ], - "Resource": "*", - "Effect": "Allow" - } - ] - } - - - @@ -201,63 +178,0 @@ Jobs with Private ECR images - -JSON - -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "s3:ListBucket", - "Resource": [ - "arn:aws:s3:::amzn-s3-demo-source-bucket" - ], - "Effect": "Allow" - }, - { - "Action": [ - "s3:Get*", - "s3:List*" - ], - "Resource": [ - "arn:aws:s3:::amzn-s3-demo-source-bucket/*" - ], - "Effect": "Allow" - }, - { - "Action": "s3:Put*", - "Resource": [ - "arn:aws:s3:::amzn-s3-demo-destination-bucket/*" - ], - "Effect": "Allow" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Resource": [ - "arn:aws:logs:*:111122223333:log-group:/aws/robomaker/SimulationJobs*" - ], - "Effect": "Allow" - }, - { - "Action": [ - "ecr:BatchGetImage", - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer" - ], - "Resource": "arn:aws:us-east-1:account#:repository/repository_name", - "Effect": "Allow" - } - ] - } - -