AWS AWSCloudFormation documentation change
Summary
Updated service name from 'AWS CloudFormation StackSets' to 'CloudFormation StackSets' in security context
Security assessment
Terminology refinement in existing security guidance about confused deputy prevention. No new security content added
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.md b/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.md index bf37cfac5..d213da818 100644 --- a//AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.md +++ b//AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.md @@ -531 +531 @@ The confused deputy problem is a security issue where an entity that doesn't hav -We recommend using the [aws:SourceArn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn) and [aws:SourceAccount](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount) global condition context keys in resource policies to limit the permissions that AWS CloudFormation StackSets gives another service to the resource. If you use both global condition context keys, the `aws:SourceAccount` value and the account in the `aws:SourceArn` value must use the same account ID when used in the same policy statement. +We recommend using the [aws:SourceArn](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn) and [aws:SourceAccount](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount) global condition context keys in resource policies to limit the permissions that CloudFormation StackSets gives another service to the resource. If you use both global condition context keys, the `aws:SourceAccount` value and the account in the `aws:SourceArn` value must use the same account ID when used in the same policy statement.