AWS resilience-hub documentation change
Summary
Replaced JSON policy examples with markdown headers and simplified structure for role trust policies
Security assessment
Changed policy examples to textual descriptions but maintained security-related content about role permissions. No specific security flaws are mentioned, but the changes affect how security configurations are documented. The replacement of JSON policies with placeholders might indicate a documentation format change rather than a security fix.
Diff
diff --git a/resilience-hub/latest/userguide/security-iam-resilience-hub-current-user-permissions.md b/resilience-hub/latest/userguide/security-iam-resilience-hub-current-user-permissions.md index 7834bdeb9..59c0afc0e 100644 --- a//resilience-hub/latest/userguide/security-iam-resilience-hub-current-user-permissions.md +++ b//resilience-hub/latest/userguide/security-iam-resilience-hub-current-user-permissions.md @@ -34,22 +34 @@ You must create a new role `AwsResilienceHubPeriodicAssessmentRole` to enable AW - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "iam:GetRole", - "sts:AssumeRole" - ], - "Resource": "arn:aws:iam::primary_account_id:role/AwsResilienceHubAdminAccountRole" - }, - { - "Effect": "Allow", - "Action": [ - "sts:AssumeRole" - ], - "Resource": [ - "arn:aws:iam::primary_account_id:role/AwsResilienceHubAssessmentEKSAccessRole" - ] - } - ] - } +**Trust policy for the scheduled assessment's role (`AwsResilienceHubPeriodicAssessmentRole`)** @@ -56,0 +36,4 @@ You must create a new role `AwsResilienceHubPeriodicAssessmentRole` to enable AW +JSON + + +**** @@ -58 +40,0 @@ You must create a new role `AwsResilienceHubPeriodicAssessmentRole` to enable AW -**Trust policy for the scheduled assessment's role (`AwsResilienceHubPeriodicAssessmentRole`)** @@ -115,19 +97,0 @@ The following policy provides executor permissions to your role for accessing re - - { - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::secondary_account_id_1:role/AwsResilienceHubExecutorAccountRole", - "arn:aws:iam::secondary_account_id_2:role/AwsResilienceHubExecutorAccountRole", - ... - ], - "Action": [ - "sts:AssumeRole" - ] - } - ] - } - @@ -136,21 +99,0 @@ The trust policy for the admin role (`AwsResilienceHubAdminAccountRole`) is as f - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::primary_account_id:role/caller_IAM_role" - }, - "Action": "sts:AssumeRole" - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::primary_account_id:role/AwsResilienceHubPeriodicAssessmentRole" - }, - "Action": "sts:AssumeRole" - } - ] - } - @@ -165,15 +107,0 @@ The executor role trust policy is as follows: - - { - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::primary_account_id:role/AwsResilienceHubAdminAccountRole" - }, - "Action": "sts:AssumeRole" - } - ] - } -