AWS prometheus documentation change
Summary
Simplified explanation of default permissions by removing redundant statement about inability to use AWS Management Console/CLI/API by default.
Security assessment
The change removes a redundant clarification about default access restrictions across interfaces (Console/CLI/API). This is an editorial improvement rather than a security fix, as the core security principle (default deny) remains unchanged. No specific vulnerability or incident response is mentioned.
Diff
diff --git a/prometheus/latest/userguide/security_iam_id-based-policy-examples.md b/prometheus/latest/userguide/security_iam_id-based-policy-examples.md index 793208325..d6b1e7ba4 100644 --- a//prometheus/latest/userguide/security_iam_id-based-policy-examples.md +++ b//prometheus/latest/userguide/security_iam_id-based-policy-examples.md @@ -9 +9 @@ Policy best practicesUsing the consoleAllow users to view their own permissions -By default, users and roles don't have permission to create or modify Amazon Managed Service for Prometheus resources. They also can't perform tasks by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS API. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies. The administrator can then add the IAM policies to roles, and users can assume the roles. +By default, users and roles don't have permission to create or modify Amazon Managed Service for Prometheus resources. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies.