AWS datazone documentation change
Summary
Hardcoded account IDs in trust policy conditions
Security assessment
Example policy hardening without addressing specific vulnerabilities
Diff
diff --git a/datazone/latest/userguide/redshift-manage-access-role.md b/datazone/latest/userguide/redshift-manage-access-role.md index a440e1934..cc21010db 100644 --- a//datazone/latest/userguide/redshift-manage-access-role.md +++ b//datazone/latest/userguide/redshift-manage-access-role.md @@ -10,0 +11,6 @@ The default `AmazonDataZoneRedshiftAccess-<region>-<domainId>` role has the foll +JSON + + +**** + + @@ -32,0 +40,6 @@ The default `AmazonDataZoneRedshiftManageAccessRole<timestamp>` has the followin +JSON + + +**** + + @@ -45 +58 @@ The default `AmazonDataZoneRedshiftManageAccessRole<timestamp>` has the followin - "aws:SourceAccount": "{{domain_account}}" + "aws:SourceAccount": "111122223333" @@ -48 +61 @@ The default `AmazonDataZoneRedshiftManageAccessRole<timestamp>` has the followin - "aws:SourceArn": "arn:aws:datazone:{{region}}:{{domain_account}}:domain/{{root_domain_id}}" + "aws:SourceArn": "arn:aws:datazone:us-east-1:111122223333:domain/dzd-12345"