AWS one-enterprise medium security documentation change
Summary
Removed multiple JSON policy examples including ReadOnlyAccess, FullAccess, and explicit deny policies
Security assessment
Deletion of IAM policy examples reduces clarity for secure configuration. Missing examples could lead to insecure policy creation (e.g., removal of explicit deny policies increases risk of privilege escalation). Direct impact on security posture documentation.
Diff
diff --git a/one-enterprise/latest/userguide/security_iam_id-based-policy-examples.md b/one-enterprise/latest/userguide/security_iam_id-based-policy-examples.md index e838db7d0..7bf282361 100644 --- a//one-enterprise/latest/userguide/security_iam_id-based-policy-examples.md +++ b//one-enterprise/latest/userguide/security_iam_id-based-policy-examples.md @@ -103,15 +102,0 @@ The following example shows an AWS managed policy, `AmazonOneEnterpriseReadOnlyA - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "one:Get*", - "one:List*" - ], - "Resource": "*" - } - ] - } - @@ -147,14 +131,0 @@ This policy grants broad permissions. Before granting full access, consider star - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "one:*" - ], - "Resource": "*" - }, - ] - } - @@ -196,18 +166,0 @@ In the first policy, you allow the AWS Config rule read actions such as `GetSite - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "one:GetSite", - "one:GetSiteAddress" - ], - "Resource": [ - "arn:aws:one:region:accountID:site/siteId" - ] - } - ] - } - @@ -216,16 +168,0 @@ In the second policy, you deny the Amazon One Enterprise rule write actions on t - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Deny", - "Action": [ - "one:DeleteSite", - "one:UpdateSiteAddress" - ], - "Resource": "arn:aws:one:region:accountID:site/siteId" - } - ] - } -