AWS Security ChangesHomeSearch

AWS AmazonElastiCache high security documentation change

Service: AmazonElastiCache · 2025-11-07 · Security-related high

File: AmazonElastiCache/latest/dg/auth-iam.md

Summary

Modified IAM trust policy to specify a concrete principal (AWS root ARN) instead of a wildcard resource.

Security assessment

Replacing 'Resource': 'arn:aws:iam::*:role/*' with a specific root ARN reduces privilege escalation risks by limiting which entities can assume the role. This directly addresses a security best practice (avoiding wildcards in trust policies).

Diff

diff --git a/AmazonElastiCache/latest/dg/auth-iam.md b/AmazonElastiCache/latest/dg/auth-iam.md
index b8452fc95..8fe913e94 100644
--- a//AmazonElastiCache/latest/dg/auth-iam.md
+++ b//AmazonElastiCache/latest/dg/auth-iam.md
@@ -78,2 +78,2 @@ JSON
-            "Action": "sts:AssumeRole",
-            "Resource": "arn:aws:iam::*:role/*"
+            "Principal": { "AWS": "arn:aws:iam::123456789012:root" },
+            "Action": "sts:AssumeRole"