AWS AmazonElastiCache high security documentation change
Summary
Modified IAM trust policy to specify a concrete principal (AWS root ARN) instead of a wildcard resource.
Security assessment
Replacing 'Resource': 'arn:aws:iam::*:role/*' with a specific root ARN reduces privilege escalation risks by limiting which entities can assume the role. This directly addresses a security best practice (avoiding wildcards in trust policies).
Diff
diff --git a/AmazonElastiCache/latest/dg/auth-iam.md b/AmazonElastiCache/latest/dg/auth-iam.md index b8452fc95..8fe913e94 100644 --- a//AmazonElastiCache/latest/dg/auth-iam.md +++ b//AmazonElastiCache/latest/dg/auth-iam.md @@ -78,2 +78,2 @@ JSON - "Action": "sts:AssumeRole", - "Resource": "arn:aws:iam::*:role/*" + "Principal": { "AWS": "arn:aws:iam::123456789012:root" }, + "Action": "sts:AssumeRole"