AWS Security ChangesHomeSearch

AWS datazone documentation change

Service: datazone · 2025-09-10 · Documentation low

File: datazone/latest/userguide/redshift-manage-access-role.md

Summary

Hardcoded account IDs in trust policy conditions

Security assessment

Example policy hardening without addressing specific vulnerabilities

Diff

diff --git a/datazone/latest/userguide/redshift-manage-access-role.md b/datazone/latest/userguide/redshift-manage-access-role.md
index a440e1934..cc21010db 100644
--- a//datazone/latest/userguide/redshift-manage-access-role.md
+++ b//datazone/latest/userguide/redshift-manage-access-role.md
@@ -10,0 +11,6 @@ The default `AmazonDataZoneRedshiftAccess-<region>-<domainId>` role has the foll
+JSON
+    
+
+****
+    
+    
@@ -32,0 +40,6 @@ The default `AmazonDataZoneRedshiftManageAccessRole<timestamp>` has the followin
+JSON
+    
+
+****
+    
+    
@@ -45 +58 @@ The default `AmazonDataZoneRedshiftManageAccessRole<timestamp>` has the followin
-                    "aws:SourceAccount": "{{domain_account}}"
+                "aws:SourceAccount": "111122223333"
@@ -48 +61 @@ The default `AmazonDataZoneRedshiftManageAccessRole<timestamp>` has the followin
-                    "aws:SourceArn": "arn:aws:datazone:{{region}}:{{domain_account}}:domain/{{root_domain_id}}"
+                "aws:SourceArn": "arn:aws:datazone:us-east-1:111122223333:domain/dzd-12345"