AWS pinpoint medium security documentation change
Summary
Updated Personalize resource ARNs with specific account IDs and added JSON section markers in recommendation permissions.
Security assessment
Replaced placeholder account IDs (e.g., 111122223333) and added explicit SourceAccount/SourceArn conditions in trust policies. These changes demonstrate secure cross-service access patterns between Pinpoint and Personalize, preventing potential account ID spoofing.
Diff
diff --git a/pinpoint/latest/developerguide/permissions-get-recommendations.md b/pinpoint/latest/developerguide/permissions-get-recommendations.md index 688b61400..f84c3a08d 100644 --- a//pinpoint/latest/developerguide/permissions-get-recommendations.md +++ b//pinpoint/latest/developerguide/permissions-get-recommendations.md @@ -46,0 +47,6 @@ In the following procedure, the example policy allows this access for a particul +JSON + + +**** + + @@ -59,2 +65,2 @@ In the following procedure, the example policy allows this access for a particul - "arn:aws:personalize:region:accountId:solution/solutionId", - "arn:aws:personalize:region:accountId:campaign/campaignId" + "arn:aws:personalize:us-east-1:111122223333:solution/solutionId", + "arn:aws:personalize:us-east-1:111122223333:campaign/campaignId" @@ -102,0 +110,6 @@ Each IAM role contains a _trust policy_ , which is a set of rules that specifies +JSON + + +**** + + @@ -114 +127 @@ Each IAM role contains a _trust policy_ , which is a set of rules that specifies - "AWS:SourceAccount": "accountId" + "AWS:SourceAccount": "111122223333" @@ -117 +130 @@ Each IAM role contains a _trust policy_ , which is a set of rules that specifies - "AWS:SourceArn": "arn:aws:mobiletargeting:region:accountId:apps/*" + "AWS:SourceArn": "arn:aws:mobiletargeting:us-east-1:444455556666:apps/*"