AWS iotanalytics documentation change
Summary
Updated IAM policy resource ARNs to include region/account wildcards and added JSON formatting markers.
Security assessment
Adjusts policy examples to follow least-privilege patterns (e.g., arn:aws:s3:*:*:iotanalytics-notebook-containers/*) but does not explicitly reference a security flaw. Improves security documentation clarity.
Diff
diff --git a/iotanalytics/latest/userguide/automate-permissions.md b/iotanalytics/latest/userguide/automate-permissions.md index 92e74026f..ff0aba72b 100644 --- a//iotanalytics/latest/userguide/automate-permissions.md +++ b//iotanalytics/latest/userguide/automate-permissions.md @@ -12,0 +13,6 @@ You can create the first role automatically or manually. If you create your new +JSON + + +**** + + @@ -37 +43 @@ You can create the first role automatically or manually. If you create your new - "Resource": "arn:aws:s3:::iotanalytics-notebook-containers/*" + "Resource": "arn:aws:s3:*:*:iotanalytics-notebook-containers/*" @@ -43,0 +51,6 @@ You must manually create the second role which grants permission to execute a co +JSON + + +**** + + @@ -56 +69 @@ You must manually create the second role which grants permission to execute a co - "Resource": "arn:aws:s3:::aws-*-dataset-*/*" + "Resource": "arn:aws:s3:*:*:aws-*-dataset-*/*" @@ -93,0 +108,6 @@ The following is an example trust policy. +JSON + + +**** + +