AWS Security ChangesHomeSearch

AWS serverlessrepo documentation change

Service: serverlessrepo · 2025-10-22 · Documentation low

File: serverlessrepo/latest/devguide/security_iam_service-with-iam.md

Summary

Simplified explanations of IAM policy Action and Resource elements by removing details about exceptions (permission-only/dependent actions) and NotResource requirement

Security assessment

The changes streamline documentation about IAM policy components but do not address specific vulnerabilities or weaknesses. This is a general documentation refinement rather than a security-focused update.

Diff

diff --git a/serverlessrepo/latest/devguide/security_iam_service-with-iam.md b/serverlessrepo/latest/devguide/security_iam_service-with-iam.md
index 4cb08e98d..a73f74c2a 100644
--- a//serverlessrepo/latest/devguide/security_iam_service-with-iam.md
+++ b//serverlessrepo/latest/devguide/security_iam_service-with-iam.md
@@ -73,3 +73 @@ Administrators can use AWS JSON policies to specify who has access to what. That
-The `Action` element of a JSON policy describes the actions that you can use to allow or deny access in a policy. Policy actions usually have the same name as the associated AWS API operation. There are some exceptions, such as _permission-only actions_ that don't have a matching API operation. There are also some operations that require multiple actions in a policy. These additional actions are called _dependent actions_.
-
-Include actions in a policy to grant permissions to perform the associated operation.
+The `Action` element of a JSON policy describes the actions that you can use to allow or deny access in a policy. Include actions in a policy to grant permissions to perform the associated operation.
@@ -98,3 +96 @@ Administrators can use AWS JSON policies to specify who has access to what. That
-The `Resource` JSON policy element specifies the object or objects to which the action applies. Statements must include either a `Resource` or a `NotResource` element. As a best practice, specify a resource using its [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html). You can do this for actions that support a specific resource type, known as _resource-level permissions_.
-
-For actions that don't support resource-level permissions, such as listing operations, use a wildcard (*) to indicate that the statement applies to all resources.
+The `Resource` JSON policy element specifies the object or objects to which the action applies. As a best practice, specify a resource using its [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html). For actions that don't support resource-level permissions, use a wildcard (*) to indicate that the statement applies to all resources.