AWS workspaces-web documentation change
Summary
Removed explanation about cross-account access requiring identity-based policies in trusted accounts
Security assessment
Omits operational details but doesn't introduce or resolve security flaws. The removed content was explanatory, not security-critical.
Diff
diff --git a/workspaces-web/latest/adminguide/security_iam_service-with-iam-resource-based-policies.md b/workspaces-web/latest/adminguide/security_iam_service-with-iam-resource-based-policies.md index 114f376ce..8a6e5412c 100644 --- a//workspaces-web/latest/adminguide/security_iam_service-with-iam-resource-based-policies.md +++ b//workspaces-web/latest/adminguide/security_iam_service-with-iam-resource-based-policies.md @@ -11 +11 @@ Resource-based policies are JSON policy documents that you attach to a resource. -To enable cross-account access, you can specify an entire account or IAM entities in another account as the principal in a resource-based policy. Adding a cross-account principal to a resource-based policy is only half of establishing the trust relationship. When the principal and the resource are in different AWS accounts, an IAM administrator in the trusted account must also grant the principal entity (user or role) permission to access the resource. They grant permission by attaching an identity-based policy to the entity. However, if a resource-based policy grants access to a principal in the same account, no additional identity-based policy is required. For more information, see [Cross account resource access in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the _IAM User Guide_. +To enable cross-account access, you can specify an entire account or IAM entities in another account as the principal in a resource-based policy. For more information, see [Cross account resource access in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the _IAM User Guide_.