AWS Security ChangesHomeSearch

AWS systems-manager high security documentation change

Service: systems-manager · 2025-08-28 · Security-related high

File: systems-manager/latest/userguide/cross-service-confused-deputy-prevention.md

Summary

Removed a JSON policy example demonstrating confused deputy prevention using aws:SourceArn and aws:SourceAccount conditions.

Security assessment

The deleted example provided critical guidance for mitigating confused deputy attacks, a security risk. Removing it could lead to insecure IAM policies if users are unaware of proper condition key usage.

Diff

diff --git a/systems-manager/latest/userguide/cross-service-confused-deputy-prevention.md b/systems-manager/latest/userguide/cross-service-confused-deputy-prevention.md
index e5b5bbec3..ff19a6379 100644
--- a//systems-manager/latest/userguide/cross-service-confused-deputy-prevention.md
+++ b//systems-manager/latest/userguide/cross-service-confused-deputy-prevention.md
@@ -21,30 +20,0 @@ The following example demonstrates using the `aws:SourceArn` and `aws:SourceAcco
-JSON
-    
-
-****
-    
-    
-    
-    {
-       "Version":"2012-10-17",
-       "Statement":[
-          {
-             "Sid":"",
-             "Effect":"Allow",
-             "Principal":{
-                "Service":"ssm.amazonaws.com"
-             },
-             "Action":"sts:AssumeRole",
-             "Condition":{
-                "StringEquals":{
-                   "aws:SourceAccount":"123456789012"
-                },
-                "ArnEquals":{
-                   "aws:SourceArn":"us-east-1:123456789012:*"
-                }
-             }
-          }
-       ]
-    }
-    
-