AWS Security ChangesHomeSearch

AWS mwaa documentation change

Service: mwaa · 2025-10-25 · Documentation medium

File: mwaa/latest/userguide/doc-history.md

Summary

Multiple documentation updates including security-related additions: clarified IAM PassRole requirements, added guidance for cross-service confused deputy prevention, and expanded Secrets Manager IAM policy examples.

Security assessment

Added documentation for security features like using aws:SourceArn/aws:SourceAccount to prevent confused deputy attacks and Secrets Manager IAM policies. These are proactive security measures rather than fixes for specific vulnerabilities.

Diff

diff --git a/mwaa/latest/userguide/doc-history.md b/mwaa/latest/userguide/doc-history.md
index 27e5b67ba..58c1bc458 100644
--- a//mwaa/latest/userguide/doc-history.md
+++ b//mwaa/latest/userguide/doc-history.md
@@ -109 +109 @@ New topics and use cases| Amazon MWAA supports minor version upgrades. This upda
-Updated topic| Updated customer-managed IAM policies that grant a user full console and API access to Amazon MWAA. The update describes why you must provide permission for `iam:PassRole` in order to allow a user to pass roles to Amazon MWAA. Amazon MWAA uses these permissions to perform actions on a user's behalf.
+Updated topic| Updated customer-managed IAM policies that grant a user full console and API access to Amazon MWAA. The update describes why you must provide permission for `iam:PassRole` to allow a user to pass roles to Amazon MWAA. Amazon MWAA uses these permissions to perform actions on a user's behalf.
@@ -170 +170 @@ Updated FAQ entry| Updated information related to Amazon MWAA's HIPAA eligibilit
-New topic| Added new topic on using [`aws:SourceArn`](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn) and [`aws:SourceAccount`](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount) global condition context keys in an Amazon MWAA execution role trust policy, in order to prevent cross-service confused deputy.
+New topic| Added new topic on using [`aws:SourceArn`](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn) and [`aws:SourceAccount`](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount) global condition context keys in an Amazon MWAA execution role trust policy, to prevent cross-service confused deputy.
@@ -195 +195 @@ New sample code| Added updated instructions and a new DAG code example that retr
-New sample code| Added updated instructions and new DAG that queries an environment's Aurora PostgreSQL for metadata information, writes the result to CSV files and stores the files in Amazon S3.
+New sample code| Added updated instructions and new DAG that queries an environment's Aurora PostgreSQL for metadata information, writes the result To CSV files and stores the files in Amazon S3.
@@ -251 +251 @@ Apache Airflow v2.2.2 launch| Amazon Managed Workflows for Apache Airflow now su
-New tutorials| Added a new tutorial that demonstrates creating a new custom Apache Airflow role, and assigning the role to an Apache Airflow user mapped from IAM in order to limit the user's access to a subset of specified DAGs.
+New tutorials| Added a new tutorial that demonstrates creating a new custom Apache Airflow role, and assigning the role to an Apache Airflow user mapped from IAM to limit the user's access to a subset of specified DAGs.
@@ -256 +256 @@ New tutorials| Added a new tutorial that demonstrates creating a new custom Apac
-Fixes| Fixed a best practices recommendation for setting the value of `scheduler.min_file_process_interval` in order to optimize CPU usage. Added an IAM policy example granting access to Secrets Manager resources in the execution role. Added troubleshooting topic on using Secrets Manager condition keys.
+Fixes| Fixed a best practices recommendation for setting the value of `scheduler.min_file_process_interval` to optimize CPU usage. Added an IAM policy example granting access to Secrets Manager resources in the execution role. Added troubleshooting topic on using Secrets Manager condition keys.
@@ -625 +625 @@ New topics and use cases| Added the following changes:
-  * Added the troubleshooting script as next steps for all topics related to VPC and environment configuration at [Troubleshooting Amazon Managed Workflows for Apache Airflow](./troubleshooting.html).
+  * Added the troubleshooting script as next steps for all topics related To VPC and environment configuration at [Troubleshooting Amazon Managed Workflows for Apache Airflow](./troubleshooting.html).