AWS omics documentation change
Summary
Removed statement about inability to perform tasks via AWS Management Console/CLI/API by default, while maintaining default deny of permissions for AWS HealthOmics resource modifications
Security assessment
The change simplifies the description of default permissions but doesn't address a specific vulnerability or weakness. While IAM policies are security-related, this appears to be a documentation clarification rather than a response to a security incident. The core security posture (default deny) remains unchanged.
Diff
diff --git a/omics/latest/dev/security_iam_id-based-policy-examples.md b/omics/latest/dev/security_iam_id-based-policy-examples.md index 26dbb2680..648605417 100644 --- a//omics/latest/dev/security_iam_id-based-policy-examples.md +++ b//omics/latest/dev/security_iam_id-based-policy-examples.md @@ -11 +11 @@ AWS HealthOmics variant stores and annotation stores will no longer be open to n -By default, users and roles don't have permission to create or modify AWS HealthOmics resources. They also can't perform tasks by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS API. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies. The administrator can then add the IAM policies to roles, and users can assume the roles. +By default, users and roles don't have permission to create or modify AWS HealthOmics resources. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies.