AWS tag-editor documentation change
Summary
Removed reference to Tag Editor migration, added JSON formatting markers, and updated resource ARN examples with concrete region/account values
Security assessment
Changes primarily update policy examples with proper formatting and concrete values. While related to security policies, there's no evidence of addressing a specific vulnerability
Diff
diff --git a/tag-editor/latest/userguide/security_iam_id-based-policy-examples.md b/tag-editor/latest/userguide/security_iam_id-based-policy-examples.md index b1c9b94b5..d0aea042d 100644 --- a//tag-editor/latest/userguide/security_iam_id-based-policy-examples.md +++ b//tag-editor/latest/userguide/security_iam_id-based-policy-examples.md @@ -7,2 +6,0 @@ Policy best practicesUsing the consoleAllow users to view their own permissionsV -AWS has moved Tag Editor tag management functionality from the AWS Resource Groups console to the AWS Resource Explorer console. With Resource Explorer, you can search and filter resources and then manage resource tags from a single console. To learn more about managing resource tags in Resource Explorer, review [Managing resources](https://docs.aws.amazon.com/resource-explorer/latest/userguide/managing-resources.html#arex_console_quickactions) in the Resource Explorer user guide. - @@ -52,0 +51,6 @@ To ensure that those principals can still use Tag Editor, attach the following p +JSON + + +**** + + @@ -115,0 +121,6 @@ You can use conditions in your identity-based policy to control access to Tag Ed +JSON + + +**** + + @@ -123 +134 @@ You can use conditions in your identity-based policy to control access to Tag Ed - "Resource": "arn:aws:resource-groups::region:account_ID:group/group_name" + "Resource": "arn:aws:resource-groups:us-east-1:111122223333:group/group_name" @@ -128 +139 @@ You can use conditions in your identity-based policy to control access to Tag Ed - "Resource": "arn:aws:resource-groups::region:account_ID:group/group_name", + "Resource": "arn:aws:resource-groups:us-east-1:111122223333:group/group_name",