AWS Security ChangesHomeSearch

AWS resilience-hub documentation change

Service: resilience-hub · 2025-10-25 · Documentation low

File: resilience-hub/latest/userguide/security-iam-resilience-hub-current-user-permissions.md

Summary

Replaced JSON policy examples with markdown headers and simplified structure for role trust policies

Security assessment

Changed policy examples to textual descriptions but maintained security-related content about role permissions. No specific security flaws are mentioned, but the changes affect how security configurations are documented. The replacement of JSON policies with placeholders might indicate a documentation format change rather than a security fix.

Diff

diff --git a/resilience-hub/latest/userguide/security-iam-resilience-hub-current-user-permissions.md b/resilience-hub/latest/userguide/security-iam-resilience-hub-current-user-permissions.md
index 7834bdeb9..59c0afc0e 100644
--- a//resilience-hub/latest/userguide/security-iam-resilience-hub-current-user-permissions.md
+++ b//resilience-hub/latest/userguide/security-iam-resilience-hub-current-user-permissions.md
@@ -34,22 +34 @@ You must create a new role `AwsResilienceHubPeriodicAssessmentRole` to enable AW
-        {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Effect": "Allow",
-          "Action": [
-            "iam:GetRole",
-            "sts:AssumeRole"
-          ],
-          "Resource": "arn:aws:iam::primary_account_id:role/AwsResilienceHubAdminAccountRole"
-        },
-        {
-          "Effect": "Allow",
-          "Action": [
-            "sts:AssumeRole"
-          ],
-          "Resource": [
-            "arn:aws:iam::primary_account_id:role/AwsResilienceHubAssessmentEKSAccessRole"
-          ]
-        }
-      ]
-    }
+**Trust policy for the scheduled assessment's role (`AwsResilienceHubPeriodicAssessmentRole`)**
@@ -56,0 +36,4 @@ You must create a new role `AwsResilienceHubPeriodicAssessmentRole` to enable AW
+JSON
+    
+
+****
@@ -58 +40,0 @@ You must create a new role `AwsResilienceHubPeriodicAssessmentRole` to enable AW
-**Trust policy for the scheduled assessment's role (`AwsResilienceHubPeriodicAssessmentRole`)**
@@ -115,19 +97,0 @@ The following policy provides executor permissions to your role for accessing re
-    
-    {
-      {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Effect": "Allow",
-          "Resource": [
-            "arn:aws:iam::secondary_account_id_1:role/AwsResilienceHubExecutorAccountRole",
-            "arn:aws:iam::secondary_account_id_2:role/AwsResilienceHubExecutorAccountRole",
-            ...
-          ],
-          "Action": [
-            "sts:AssumeRole"
-          ]
-        }
-      ]
-    }
-
@@ -136,21 +99,0 @@ The trust policy for the admin role (`AwsResilienceHubAdminAccountRole`) is as f
-    
-    {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Effect": "Allow",
-          "Principal": {
-            "AWS": "arn:aws:iam::primary_account_id:role/caller_IAM_role"
-          },
-          "Action": "sts:AssumeRole"
-        },
-        {
-          "Effect": "Allow",
-          "Principal": {
-            "AWS": "arn:aws:iam::primary_account_id:role/AwsResilienceHubPeriodicAssessmentRole"
-          },
-          "Action": "sts:AssumeRole"
-        }
-      ]
-    }
-
@@ -165,15 +107,0 @@ The executor role trust policy is as follows:
-    
-    {
-      {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Effect": "Allow",
-          "Principal": {
-            "AWS": "arn:aws:iam::primary_account_id:role/AwsResilienceHubAdminAccountRole"
-          },
-          "Action": "sts:AssumeRole"
-        }
-      ]
-    }
-