AWS Security ChangesHomeSearch

AWS datazone documentation change

Service: datazone · 2025-09-10 · Documentation low

File: datazone/latest/userguide/glue-manage-access-role.md

Summary

Hardcoded account IDs in trust policy conditions

Security assessment

Example policy hardening without addressing specific vulnerabilities

Diff

diff --git a/datazone/latest/userguide/glue-manage-access-role.md b/datazone/latest/userguide/glue-manage-access-role.md
index 0a5d77eac..bd80ad134 100644
--- a//datazone/latest/userguide/glue-manage-access-role.md
+++ b//datazone/latest/userguide/glue-manage-access-role.md
@@ -10,0 +11,6 @@ The default `AmazonDataZoneGlueAccess-<region>-<domainId>` role has the followin
+JSON
+    
+
+****
+    
+    
@@ -23 +29 @@ The default `AmazonDataZoneGlueAccess-<region>-<domainId>` role has the followin
-                    "aws:SourceAccount": "{{domain_account}}"
+                "aws:SourceAccount": "111122223333"
@@ -26 +32 @@ The default `AmazonDataZoneGlueAccess-<region>-<domainId>` role has the followin
-                    "aws:SourceArn": "arn:aws:datazone:{{region}}:{{domain_account}}:domain/{{root_domain_id}}"
+                "aws:SourceArn": "arn:aws:datazone:us-east-1:111122223333:domain/dzd-12345"