AWS resilience-hub high security documentation change
Summary
Removed SNS and KMS policy examples
Security assessment
Removal of required security policies could lead to service misconfiguration if not documented elsewhere
Diff
diff --git a/resilience-hub/latest/userguide/enabling-sns-in-arh.md b/resilience-hub/latest/userguide/enabling-sns-in-arh.md index daddc36d4..839530133 100644 --- a//resilience-hub/latest/userguide/enabling-sns-in-arh.md +++ b//resilience-hub/latest/userguide/enabling-sns-in-arh.md @@ -18,16 +17,0 @@ To enable AWS Resilience Hub to publish notifications to your Amazon SNS topic, - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowResilienceHubPublish", - "Effect": "Allow", - "Principal": { - "Service": "resiliencehub.amazonaws.com" - }, - "Action": "SNS:Publish", - "Resource": "arn:aws:sns:region:account-id:topic-name" - } - ] - } - @@ -42,19 +25,0 @@ To provide `Decrypt` and `GenerateDataKey*` access to AWS Resilience Hub, you mu - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowResilienceHubDecrypt", - "Effect": "Allow", - "Principal": { - "Service": "resiliencehub.amazonaws.com" - }, - "Action": [ - "kms:GenerateDataKey*", - "kms:Decrypt" - ], - "Resource": "arn:aws:kms:region:account-id:key/key-id" - } - ] - } -