AWS pinpoint documentation change
Summary
Added JSON code block markers, updated Kinesis/Firehose ARNs with specific region/account ID (us-east-1/111122223333), and removed role output example.
Security assessment
Standardization of resource ARNs to use placeholder values prevents accidental exposure of real account IDs in examples, but this is a documentation best practice rather than a security fix.
Diff
diff --git a/pinpoint/latest/archguide/permissions-streams.md b/pinpoint/latest/archguide/permissions-streams.md index 9ad99dc22..f921f5b8e 100644 --- a//pinpoint/latest/archguide/permissions-streams.md +++ b//pinpoint/latest/archguide/permissions-streams.md @@ -33,0 +34,6 @@ The following policy allows Amazon Pinpoint to send event data to a Kinesis stre +JSON + + +**** + + @@ -44 +50 @@ The following policy allows Amazon Pinpoint to send event data to a Kinesis stre - "arn:aws:kinesis:region:account-id:stream/stream-name" + "arn:aws:kinesis:us-east-1:111122223333:stream/stream-name" @@ -52,0 +60,6 @@ The following policy allows Amazon Pinpoint to send event data to a Firehose del +JSON + + +**** + + @@ -63 +76 @@ The following policy allows Amazon Pinpoint to send event data to a Firehose del - "arn:aws:firehose:region:account-id:deliverystream/delivery-stream-name" + "arn:aws:firehose:us-east-1:111122223333:deliverystream/delivery-stream-name" @@ -71,0 +86,6 @@ To allow Amazon Pinpoint to assume the IAM role and perform the actions allowed +JSON + + +**** + + @@ -104,22 +124,0 @@ After you run this command, the AWS CLI prints the following output in your term - { - "Role": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "pinpoint.amazonaws.com" - } - } - ] - }, - "RoleId": "AIDACKCEVSQ6C2EXAMPLE", - "CreateDate": "2017-02-28T18:02:48.220Z", - "RoleName": "PinpointEventStreamRole", - "Path": "/", - "Arn": "arn:aws:iam::111122223333:role/PinpointEventStreamRole" - } - } -