AWS AWSCloudFormation high security documentation change
Summary
Removed multiple security-related policy properties including Action, Condition, and Principal from EventBusPolicy documentation
Security assessment
Deleted critical security configuration fields that controlled authentication (Principal), authorization (Action), and access conditions (Organization ID restrictions). Removing these details eliminates guidance for implementing least-privilege access controls.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-events-eventbuspolicy.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-events-eventbuspolicy.md index 6c3a0330a..3f73c944e 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-events-eventbuspolicy.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-events-eventbuspolicy.md @@ -29,2 +28,0 @@ To declare this entity in your AWS CloudFormation template, use the following sy - "Action" : String, - "Condition" : [Condition](./aws-properties-events-eventbuspolicy-condition.html), @@ -32 +29,0 @@ To declare this entity in your AWS CloudFormation template, use the following sy - "Principal" : String, @@ -44,3 +40,0 @@ To declare this entity in your AWS CloudFormation template, use the following sy - Action: String - Condition: - [Condition](./aws-properties-events-eventbuspolicy-condition.html) @@ -48 +41,0 @@ To declare this entity in your AWS CloudFormation template, use the following sy - Principal: String @@ -55,32 +47,0 @@ To declare this entity in your AWS CloudFormation template, use the following sy -`Action` - - -The action that you are enabling the other account to perform. - -_Required_ : No - - _Type_ : String - - _Pattern_ : `events:[a-zA-Z]+` - -_Minimum_ : `1` - - _Maximum_ : `64` - - _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) - -`Condition` - - -This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization. For more information about AWS Organizations, see [What Is AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html) in the _AWS Organizations User Guide_. - -If you specify `Condition` with an AWS organization ID, and specify "*" as the value for `Principal`, you grant permission to all the accounts in the named organization. - -The `Condition` is a JSON string which must contain `Type`, `Key`, and `Value` fields. - -_Required_ : No - - _Type_ : [Condition](./aws-properties-events-eventbuspolicy-condition.html) - - _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) - @@ -104,19 +64,0 @@ _Minimum_ : `1` -`Principal` - - -The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify "*" to permit any account to put events to your default event bus. - -If you specify "*" without specifying `Condition`, avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an `account` field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts. - -_Required_ : No - - _Type_ : String - - _Pattern_ : `(\d{12}|\*)` - -_Minimum_ : `1` - - _Maximum_ : `12` - - _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) - @@ -361 +303 @@ Tag -Condition +AWS::Events::Rule