AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2025-10-22 · Documentation medium

File: AmazonECS/latest/developerguide/security-iam-bestpractices.md

Summary

Replaced IAM policy example with a link to policy resources documentation

Security assessment

The example IAM policy demonstrating least privilege was replaced with a link to policy resources. While the specific example is removed, the link provides broader security documentation, guiding users to updated IAM best practices.

Diff

diff --git a/AmazonECS/latest/developerguide/security-iam-bestpractices.md b/AmazonECS/latest/developerguide/security-iam-bestpractices.md
index 2f0f46f87..1cc50fa03 100644
--- a//AmazonECS/latest/developerguide/security-iam-bestpractices.md
+++ b//AmazonECS/latest/developerguide/security-iam-bestpractices.md
@@ -13,27 +13 @@ You can use AWS Identity and Access Management (IAM) to manage and control acces
-Create policies that are scoped to allow users to perform their prescribed jobs. For example, if a developer needs to periodically stop a task, create a policy that only permits that particular action. The following example only allows a user to stop a task that belongs to a particular `task_family` on a cluster with a specific Amazon Resource Name (ARN). Referring to an ARN in a condition is also an example of using resource-level permissions. You can use resource-level permissions to specify the resource that you want an action to apply to.
-
-JSON
-    
-
-****
-    
-    
-    
-    {
-            "Version":"2012-10-17",		 	 	 
-            "Statement": [
-                {
-                     "Effect": "Allow",
-                     "Action": [
-                        "ecs:StopTask"
-                     ],
-                    "Resource": "arn:aws:ecs:us-east-1:123456789012:task/my-cluster/*",
-                    "Condition": {
-                            "ArnEquals": {
-                                    "ecs:cluster": "arn:aws:ecs:us-east-1:123456789012:cluster/my-cluster"
-                            }
-                    }
-                }
-            ]
-    }
-    
+Create policies that are scoped to allow users to perform their prescribed jobs. For example, if a developer needs to periodically stop a task, create a policy that only permits that particular action. The following example only allows a user to stop a task that belongs to a particular `task_family` on a cluster with a specific Amazon Resource Name (ARN). Referring to an ARN in a condition is also an example of using resource-level permissions. You can use resource-level permissions to specify the resource that you want an action to apply to. For more information, see [Policy resources for Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-resources).