AWS rolesanywhere documentation change
Summary
Removed a JSON trust policy example for IAM Roles Anywhere with source ARN conditions.
Security assessment
The policy removal does not demonstrate a security fix. The example included security best practices (ArnEquals condition), but its deletion lacks explicit security context.
Diff
diff --git a/rolesanywhere/latest/userguide/getting-started.md b/rolesanywhere/latest/userguide/getting-started.md index 145c072ac..b96a8a356 100644 --- a//rolesanywhere/latest/userguide/getting-started.md +++ b//rolesanywhere/latest/userguide/getting-started.md @@ -82,33 +81,0 @@ Before you can create an IAM Roles Anywhere profile, you need at least one IAM r -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": [ - "rolesanywhere.amazonaws.com" - ] - }, - "Action": [ - "sts:AssumeRole", - "sts:TagSession", - "sts:SetSourceIdentity" - ], - "Condition": { - "ArnEquals": { - "aws:SourceArn": [ - "arn:aws:rolesanywhere:us-east-1:account:trust-anchor/TA_ID" - ] - } - } - } - ] - } - -