AWS databrew documentation change
Summary
Simplified explanation of IAM policy Resource element usage and removed mention of NotResource requirement
Security assessment
Clarifies security best practices for IAM policies but does not address a specific security vulnerability. The change removes redundant phrasing but maintains core security guidance about resource-level permissions.
Diff
diff --git a/databrew/latest/dg/security_iam_service-with-iam.md b/databrew/latest/dg/security_iam_service-with-iam.md index caed4bb52..61ff665f0 100644 --- a//databrew/latest/dg/security_iam_service-with-iam.md +++ b//databrew/latest/dg/security_iam_service-with-iam.md @@ -54,3 +54 @@ Administrators can use AWS JSON policies to specify who has access to what. That -The `Resource` JSON policy element specifies the object or objects to which the action applies. Statements must include either a `Resource` or a `NotResource` element. As a best practice, specify a resource using its [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html). You can do this for actions that support a specific resource type, known as _resource-level permissions_. - -For actions that don't support resource-level permissions, such as listing operations, use a wildcard (*) to indicate that the statement applies to all resources. +The `Resource` JSON policy element specifies the object or objects to which the action applies. As a best practice, specify a resource using its [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html). For actions that don't support resource-level permissions, use a wildcard (*) to indicate that the statement applies to all resources.