AWS AmazonCloudFront medium security documentation change
Summary
Removed specific AWS account ID and error message details from AccessDenied example
Security assessment
The change removes exposure of an AWS managed account ID (856369053181) and sensitive HostId details from public documentation, mitigating potential information disclosure risks.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/troubleshooting-distributions.md b/AmazonCloudFront/latest/DeveloperGuide/troubleshooting-distributions.md index 199258d91..7db4b090c 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/troubleshooting-distributions.md +++ b//AmazonCloudFront/latest/DeveloperGuide/troubleshooting-distributions.md @@ -64,15 +64 @@ Verify that you've selected the correct Amazon S3 bucket as the origin domain an -If you don’t specify the correct permissions, the following access denied message can appear for your viewers. - - - <Code>AccessDenied</Code> - <Message>User: arn:aws:sts::856369053181:assumed-role/OriginAccessControlRole/EdgeCredentialsProxy+EdgeHostAuthenticationClient is not authorized to perform: kms:Decrypt on the resource associated with this ciphertext because the resource does not exist in this Region, no resource-based policies allow access, or a resource-based policy explicitly denies access</Message> - <RequestId>22Q367AHT7Y1ABCD/RequestId> - <HostId> - ABCDE/Vg+7PSNa/d/IfFQ8Fb92TGQ0KH0ZwG5iEKbc6+e06DdMS1ZW+ryB9GFRIVtS66rSSy6So= - </HostId> - </Error> - - -###### Note - -In this error message, the account ID 856369053181 is an AWS managed account. +If you don’t specify the correct permissions, an `AccessDenied` message can appear for your viewers.