AWS mediatailor documentation change
Summary
Added JSON example for SecretsManager resource policy granting MediaTailor access to retrieve secret values
Security assessment
This change documents secure secret management practices but does not address a specific vulnerability. The example policy shows least-privilege access configuration for sensitive credentials, which is security best practice documentation rather than a response to an active security issue.
Diff
diff --git a/mediatailor/latest/ug/channel-assembly-access-configuration-access-configuring.md b/mediatailor/latest/ug/channel-assembly-access-configuration-access-configuring.md index 0ff27e2e8..d5366f831 100644 --- a//mediatailor/latest/ug/channel-assembly-access-configuration-access-configuring.md +++ b//mediatailor/latest/ug/channel-assembly-access-configuration-access-configuring.md @@ -143,0 +144,24 @@ The following is a policy statement example that you can add for MediaTailor: +JSON + + +**** + + + + { + + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "mediatailor.amazonaws.com" + }, + "Action": "secretsmanager:GetSecretValue", + "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:secret-name" + } + ] + + } + +