AWS AmazonECS documentation change
Summary
Replaced IAM policy example with a link to policy resources documentation
Security assessment
The example IAM policy demonstrating least privilege was replaced with a link to policy resources. While the specific example is removed, the link provides broader security documentation, guiding users to updated IAM best practices.
Diff
diff --git a/AmazonECS/latest/developerguide/security-iam-bestpractices.md b/AmazonECS/latest/developerguide/security-iam-bestpractices.md index 2f0f46f87..1cc50fa03 100644 --- a//AmazonECS/latest/developerguide/security-iam-bestpractices.md +++ b//AmazonECS/latest/developerguide/security-iam-bestpractices.md @@ -13,27 +13 @@ You can use AWS Identity and Access Management (IAM) to manage and control acces -Create policies that are scoped to allow users to perform their prescribed jobs. For example, if a developer needs to periodically stop a task, create a policy that only permits that particular action. The following example only allows a user to stop a task that belongs to a particular `task_family` on a cluster with a specific Amazon Resource Name (ARN). Referring to an ARN in a condition is also an example of using resource-level permissions. You can use resource-level permissions to specify the resource that you want an action to apply to. - -JSON - - -**** - - - - { - "Version":"2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ecs:StopTask" - ], - "Resource": "arn:aws:ecs:us-east-1:123456789012:task/my-cluster/*", - "Condition": { - "ArnEquals": { - "ecs:cluster": "arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster" - } - } - } - ] - } - +Create policies that are scoped to allow users to perform their prescribed jobs. For example, if a developer needs to periodically stop a task, create a policy that only permits that particular action. The following example only allows a user to stop a task that belongs to a particular `task_family` on a cluster with a specific Amazon Resource Name (ARN). Referring to an ARN in a condition is also an example of using resource-level permissions. You can use resource-level permissions to specify the resource that you want an action to apply to. For more information, see [Policy resources for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-resources).