AWS next-generation-sagemaker documentation change
Summary
Removed example IAM policy with specific S3 permissions and ARN conditions
Security assessment
Removal of a policy example does not indicate a security fix unless explicitly stated. This appears to be routine documentation cleanup rather than addressing a security vulnerability
Diff
diff --git a/next-generation-sagemaker/latest/userguide/getting-started-sagemaker-gdc-s3.md b/next-generation-sagemaker/latest/userguide/getting-started-sagemaker-gdc-s3.md index 74162c47d..64be700ca 100644 --- a//next-generation-sagemaker/latest/userguide/getting-started-sagemaker-gdc-s3.md +++ b//next-generation-sagemaker/latest/userguide/getting-started-sagemaker-gdc-s3.md @@ -341,31 +340,0 @@ Configure your IAM role with a policy for S3 bucket permissions to allow the Sag - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Statement1", - "Effect": "Allow", - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::amzn-s3-demo-bucket", - "Condition": { - "ArnEquals": { - "aws:PrincipalArn": "arn:aws:iam::ACCOUNT_ID:role/<datazone_usr_role_xxxxxxxxxxxxxx_yyyyyyyyyyyyyy>" - } - } - }, - { - "Sid": "Statement2", - "Effect": "Allow", - "Action": [ - "s3:GetObject", - "s3:PutObject" - ], - "Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*", - "Condition": { - "ArnEquals": { - "aws:PrincipalArn": "arn:aws:iam::ACCOUNT_ID:role/<datazone_usr_role_xxxxxxxxxxxxxx_yyyyyyyyyyyyyy>" - } - } - } - ] - } -