AWS datazone documentation change
Summary
Hardcoded account IDs in trust policy conditions
Security assessment
Example policy hardening without addressing specific vulnerabilities
Diff
diff --git a/datazone/latest/userguide/glue-manage-access-role.md b/datazone/latest/userguide/glue-manage-access-role.md index 0a5d77eac..bd80ad134 100644 --- a//datazone/latest/userguide/glue-manage-access-role.md +++ b//datazone/latest/userguide/glue-manage-access-role.md @@ -10,0 +11,6 @@ The default `AmazonDataZoneGlueAccess-<region>-<domainId>` role has the followin +JSON + + +**** + + @@ -23 +29 @@ The default `AmazonDataZoneGlueAccess-<region>-<domainId>` role has the followin - "aws:SourceAccount": "{{domain_account}}" + "aws:SourceAccount": "111122223333" @@ -26 +32 @@ The default `AmazonDataZoneGlueAccess-<region>-<domainId>` role has the followin - "aws:SourceArn": "arn:aws:datazone:{{region}}:{{domain_account}}:domain/{{root_domain_id}}" + "aws:SourceArn": "arn:aws:datazone:us-east-1:111122223333:domain/dzd-12345"