AWS Security ChangesHomeSearch

AWS timestream documentation change

Service: timestream · 2025-08-28 · Documentation low

File: timestream/latest/developerguide/security_iam_id-based-policy-examples.md

Summary

Removed multiple IAM policy examples including tag-based access control and resource creation policies

Security assessment

Deletion of policy examples reduces available guidance for implementing least-privilege access but doesn't indicate remediation of a specific security vulnerability. The policies removed were security-related but their removal doesn't constitute a security fix.

Diff

diff --git a/timestream/latest/developerguide/security_iam_id-based-policy-examples.md b/timestream/latest/developerguide/security_iam_id-based-policy-examples.md
index c0830e1ca..7daeb4de6 100644
--- a//timestream/latest/developerguide/security_iam_id-based-policy-examples.md
+++ b//timestream/latest/developerguide/security_iam_id-based-policy-examples.md
@@ -515,25 +514,0 @@ The following example shows how you can create a policy that grants permissions
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid": "ReadOnlyAccessTaggedTables",
-                "Effect": "Allow",
-                "Action": ":Select",
-                "Resource": "arn:aws::us-east-2:111122223333:database/mydatabase/table/*",
-                "Condition": {
-                    "StringEquals": {
-                        "aws:ResourceTag/Owner": "${aws:username}"
-                    }
-                }
-            }
-        ]
-    }
-    
-
@@ -544,28 +518,0 @@ The following policy grants permissions to a user to create tables with tags if
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid": "CreateTagTableUser",
-                "Effect": "Allow",
-                "Action": [
-                    ":Create",
-                    ":TagResource"
-                ],
-                "Resource": "arn:aws::us-east-2:111122223333:database/mydatabase/table/*",
-                "Condition": {
-                    "ForAnyValue:StringEquals": {
-                        "aws:RequestTag/Owner": "${aws:username}"
-                    }
-                }
-            }
-        ]
-    }
-    
-
@@ -574,57 +520,0 @@ The policy below allows use of the `DescribeDatabase` API on any Database that h
-JSON
-    
-
-****
-    
-    
-    
-    { "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Sid": "AllowDescribeEndpoints",
-          "Effect": "Allow",
-          "Action": [
-            "timestream:DescribeEndpoints"
-          ],
-          "Resource": "*"
-        },
-        {
-          "Sid": "AllowDevTestAccess",
-          "Effect": "Allow",
-          "Action": [
-            "timestream:DescribeDatabase"
-          ],
-          "Resource": "*",
-          "Condition": {
-            "StringEquals": {
-              "timestream:tag/env": [
-                  "dev",
-                  "test"
-              ]
-            }
-          }
-        }
-      ]
-    }
-    { "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Sid": "AllowTagAccessForDevResources",
-          "Effect": "Allow",
-          "Action": [
-            "timestream:TagResource"
-          ],
-          "Resource": "*",
-          "Condition": {
-            "StringEquals": {
-              "aws:RequestTag/env": [
-                "test",
-                "dev"
-              ]
-            }
-          }
-        }
-      ]
-    }
-    
-