AWS mwaa documentation change
Summary
Minor grammatical and wording improvements throughout the document. Changes include replacing 'in order to' with 'to', 'could' with 'can', and 'Type' with 'Enter' in various sections related to IAM policies and console access.
Security assessment
The changes are purely editorial improvements to enhance clarity and consistency. No new security-related content was added, and there is no evidence of addressing a specific security vulnerability or weakness.
Diff
diff --git a/mwaa/latest/userguide/access-policies.md b/mwaa/latest/userguide/access-policies.md index 6a3018861..892ab3259 100644 --- a//mwaa/latest/userguide/access-policies.md +++ b//mwaa/latest/userguide/access-policies.md @@ -90 +90 @@ A user might need access to the `AmazonMWAAFullConsoleAccess` permissions policy -Your full console access policy must include permissions to perform `iam:PassRole`. This allows the user to pass [service-linked roles](./mwaa-slr.html), and [execution roles](./mwaa-create-role.html), to Amazon MWAA. Amazon MWAA assumes each role in order to call other AWS services on your behalf. The following example uses the `iam:PassedToService` condition key to specify the Amazon MWAA service principal (`airflow.amazonaws.com`) as the service to which a role can be passed. +Your full console access policy must include permissions to perform `iam:PassRole`. This allows the user to pass [service-linked roles](./mwaa-slr.html), and [execution roles](./mwaa-create-role.html), to Amazon MWAA. Amazon MWAA assumes each role to call other AWS services on your behalf. The following example uses the `iam:PassedToService` condition key to specify the Amazon MWAA service principal (`airflow.amazonaws.com`) as the service to which a role can be passed. @@ -366 +366 @@ A user might need access to the `AmazonMWAAFullApiAccess` permissions policy if -A full API access policy must include permissions to perform `iam:PassRole`. This allows the user to pass [service-linked roles](./mwaa-slr.html), and [execution roles](./mwaa-create-role.html), to Amazon MWAA. Amazon MWAA assumes each role in order to call other AWS services on your behalf. The following example uses the `iam:PassedToService` condition key to specify the Amazon MWAA service principal (`airflow.amazonaws.com`) as the service to which a role can be passed. +A full API access policy must include permissions to perform `iam:PassRole`. This allows the user to pass [service-linked roles](./mwaa-slr.html), and [execution roles](./mwaa-create-role.html), to Amazon MWAA. Amazon MWAA assumes each role to call other AWS services on your behalf. The following example uses the `iam:PassedToService` condition key to specify the Amazon MWAA service principal (`airflow.amazonaws.com`) as the service to which a role can be passed. @@ -594 +594 @@ JSON - * The `Resource` field in this policy could be used to specify the Apache Airflow role-based access control roles for the Amazon MWAA environment. However, it does not support the Amazon MWAA environment ARN (Amazon Resource Name) in the `Resource` field of the policy. + * The `Resource` field in this policy can be used to specify the Apache Airflow role-based access control roles for the Amazon MWAA environment. However, it does not support the Amazon MWAA environment ARN (Amazon Resource Name) in the `Resource` field of the policy. @@ -629 +629 @@ JSON - * The `Resource` field in this policy could be used to specify the Apache Airflow role-based access control roles for the Amazon MWAA environment. However, it does not support the Amazon MWAA environment ARN (Amazon Resource Name) in the `Resource` field of the policy. + * The `Resource` field in this policy can be used to specify the Apache Airflow role-based access control roles for the Amazon MWAA environment. However, it does not support the Amazon MWAA environment ARN (Amazon Resource Name) in the `Resource` field of the policy. @@ -677 +677 @@ You can create the JSON policy, and attach the policy to your user, role, or gro -For example, you could name the policy `AmazonMWAAReadOnlyAccess`. +For example, you can name the policy `AmazonMWAAReadOnlyAccess`. @@ -771 +771 @@ Let's say you're using a group in IAM named `AirflowDevelopmentGroup` to apply p - 2. Type a name of `AirflowDevelopmentGroup`. + 2. Enter a name of `AirflowDevelopmentGroup`.