AWS datazone documentation change
Summary
Hardcoded account IDs in trust policies and added JSON formatting
Security assessment
Example hardening by replacing placeholders with concrete values, but no direct security vulnerability addressed
Diff
diff --git a/datazone/latest/userguide/AmazonDataZoneSageMakerManageAccessRole.md b/datazone/latest/userguide/AmazonDataZoneSageMakerManageAccessRole.md index f2b10dfda..b96381ac4 100644 --- a//datazone/latest/userguide/AmazonDataZoneSageMakerManageAccessRole.md +++ b//datazone/latest/userguide/AmazonDataZoneSageMakerManageAccessRole.md @@ -10,0 +11,6 @@ The `AmazonDataZoneSageMakerManageAccessRole` role has the following inline poli +JSON + + +**** + + @@ -31,0 +39,6 @@ The `AmazonDataZoneSageMakerManageAccessRole` role has the following trust polic +JSON + + +**** + + @@ -46 +59 @@ The `AmazonDataZoneSageMakerManageAccessRole` role has the following trust polic - "aws:SourceAccount": "{{domain_account}}" + "aws:SourceAccount": "111122223333" @@ -49 +62 @@ The `AmazonDataZoneSageMakerManageAccessRole` role has the following trust polic - "aws:SourceArn": "arn:aws:datazone:{{region}}:{{domain_account}}:domain/{{root_domain_id}}" + "aws:SourceArn": "arn:aws:datazone:us-east-1:111122223333:domain/dzd-12345"