AWS grafana documentation change
Summary
Replaced 'AWS CloudFormation' with 'CloudFormation' in two locations: policy condition example and service-managed permissions note
Security assessment
Branding consistency in IAM policy examples. SSL condition example and policy deployment methods remain functionally identical with no security impact.
Diff
diff --git a/grafana/latest/userguide/security_iam_id-based-policy-examples.md b/grafana/latest/userguide/security_iam_id-based-policy-examples.md index 95b8a69e4..366fbdc35 100644 --- a//grafana/latest/userguide/security_iam_id-based-policy-examples.md +++ b//grafana/latest/userguide/security_iam_id-based-policy-examples.md @@ -34 +34 @@ Identity-based policies determine whether someone can create, access, or delete - * **Use conditions in IAM policies to further restrict access** – You can add a condition to your policies to limit access to actions and resources. For example, you can write a policy condition to specify that all requests must be sent using SSL. You can also use conditions to grant access to service actions if they are used through a specific AWS service, such as AWS CloudFormation. For more information, see [ IAM JSON policy elements: Condition](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) in the _IAM User Guide_. + * **Use conditions in IAM policies to further restrict access** – You can add a condition to your policies to limit access to actions and resources. For example, you can write a policy condition to specify that all requests must be sent using SSL. You can also use conditions to grant access to service actions if they are used through a specific AWS service, such as CloudFormation. For more information, see [ IAM JSON policy elements: Condition](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) in the _IAM User Guide_. @@ -68 +68 @@ To grant permissions to create and manage Amazon Managed Grafana workspaces acro -If you want to use service-managed permissions when you create an Amazon Managed Grafana workspace, the user who creates the workspace must also have the `iam:CreateRole`, `iam:CreatePolicy`, and `iam:AttachRolePolicy` permissions. These are required to use AWS CloudFormation StackSets to deploy policies that enable you to read data sources in the organization's accounts. +If you want to use service-managed permissions when you create an Amazon Managed Grafana workspace, the user who creates the workspace must also have the `iam:CreateRole`, `iam:CreatePolicy`, and `iam:AttachRolePolicy` permissions. These are required to use CloudFormation StackSets to deploy policies that enable you to read data sources in the organization's accounts.