AWS IAM documentation change
Summary
Added JSON section markers and removed example policies
Security assessment
The changes involve formatting adjustments (adding JSON section markers) and removal of specific policy examples. While policy examples relate to security configurations, there's no evidence this addresses a specific vulnerability or adds new security documentation.
Diff
diff --git a/IAM/latest/UserGuide/access-analyzer-policy-generation.md b/IAM/latest/UserGuide/access-analyzer-policy-generation.md index 2bbe91c79..f8607fe18 100644 --- a//IAM/latest/UserGuide/access-analyzer-policy-generation.md +++ b//IAM/latest/UserGuide/access-analyzer-policy-generation.md @@ -106,0 +107,6 @@ The first example policy shows the permissions policy for the service role that +JSON + + +**** + + @@ -140,0 +148,6 @@ The following example policy shows the role trust policy with the permissions th +JSON + + +**** + + @@ -158,0 +173,6 @@ To generate policies in the AWS Management Console, an IAM user must have a perm +JSON + + +**** + + @@ -348,29 +368,0 @@ The following example policy allows `ListBucket` and `GetObject` for the bucket - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "PolicyGenerationBucketPolicy", - "Effect": "Allow", - "Principal": { - "AWS": "*" - }, - "Action": [ - "s3:GetObject", - "s3:ListBucket" - ], - "Resource": [ - "arn:aws:s3:::amzn-s3-demo-bucket", - "arn:aws:s3:::amzn-s3-demo-bucket/optional-prefix/AWSLogs/organization-id/${aws:PrincipalAccount}/*" - ], - "Condition": { - "StringEquals": { - "aws:PrincipalOrgID": "organization-id" - }, - "StringLike": { - "aws:PrincipalArn": "arn:aws:iam::${aws:PrincipalAccount}:role/service-role/AccessAnalyzerMonitorServiceRole*" - } - } - } - ] - } - @@ -379,27 +370,0 @@ The following example policy allows `ListBucket` and `GetObject` for the bucket - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "*" - }, - "Action": "kms:Decrypt", - "Resource": "*", - "Condition": { - "StringEquals": { - "kms:EncryptionContext:aws:cloudtrail:arn": "CROSS_ACCOUNT_ORG_TRAIL_FULL_ARN", - "aws:PrincipalOrgID": "organization-id" - }, - "StringLike": { - "kms:ViaService": [ - "access-analyzer.*.amazonaws.com", - "s3.*.amazonaws.com" - ], - "aws:PrincipalArn": "arn:aws:iam::${aws:PrincipalAccount}:role/service-role/AccessAnalyzerMonitorServiceRole*" - } - } - } - ] - } -