AWS AWSMechTurk high security documentation change
Summary
Removed SNS policy example containing SecureTransport condition and AWS account restrictions
Security assessment
The removed policy enforced secure transport (HTTPS) and source account validation. Removing this example could lead to less secure configurations if users don't implement equivalent protections.
Diff
diff --git a/AWSMechTurk/latest/AWSMturkAPI/ApiReference_NotificationReceptorAPI_SNSTransportArticle.md b/AWSMechTurk/latest/AWSMturkAPI/ApiReference_NotificationReceptorAPI_SNSTransportArticle.md index 76ad81646..140f3d38b 100644 --- a//AWSMechTurk/latest/AWSMturkAPI/ApiReference_NotificationReceptorAPI_SNSTransportArticle.md +++ b//AWSMechTurk/latest/AWSMturkAPI/ApiReference_NotificationReceptorAPI_SNSTransportArticle.md @@ -44,24 +43,0 @@ The following example policy document only creates the [Publish](http://docs.aws - - { - "Version": "2012-10-17", - "Id": "arn:aws:sns:region:aws-account-id:topic-name/MTurkOnlyPolicy", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "mturk-requester.amazonaws.com" - }, - "Action": "SNS:Publish", - "Resource": "arn:aws:sns:region:aws-account-id:topic-name", - "Condition": { - "StringEquals": { - "aws:SourceAccount": "linked-aws-account-id" - }, - "Bool": { - "aws:SecureTransport":"true" - } - } - } - ] - } -