AWS solutions high security documentation change
Summary
Removed IAM policy statements denying DynamoDB/SSM access and restructured content.
Security assessment
Deletes explicit security controls (Deny policies) for DynamoDB and SSM resources, potentially weakening documented security posture.
Diff
diff --git a/solutions/latest/automations-for-aws-firewall-manager/security.md b/solutions/latest/automations-for-aws-firewall-manager/security.md index d9a55dbf4..7d82a3be6 100644 --- a//solutions/latest/automations-for-aws-firewall-manager/security.md +++ b//solutions/latest/automations-for-aws-firewall-manager/security.md @@ -87,16 +87,2 @@ By default, an IAM user or role must be explicitly authorized to [perform an act - "Resource": "arn:aws:dynamodb:<region>:<account-id>:table/<table-name>", - "Effect": "Deny", - "Sid": "FMSDDBSecure" - }, - { - "Action": "ssm:*" - "Resource": [ - "arn:aws:ssm:<region>:<account-id>:parameter/FMS/OUs", - "arn:aws:ssm:<region>:<account-id>:parameter/FMS/Regions", - "arn:aws:ssm:<region>:<account-id>:parameter/FMS/Tags" - ], - "Effect": "Deny", - "Sid": "FMSSSMSecure" - } - ] - } + "Resource": "arn:aws:dynamodb: + @@ -112 +98 @@ Cost -Quotas +Deploy the solution