AWS tnb documentation change
Summary
Updated references from 'AWS CloudFormation' to 'CloudFormation' in policy examples and service role documentation
Security assessment
Changes are branding/style updates (removing redundant 'AWS' prefix from CloudFormation references) rather than substantive security content changes. The policy guidance about SSL enforcement and IAM conditions remains unchanged.
Diff
diff --git a/tnb/latest/ug/security_iam_id-based-policy-examples.md b/tnb/latest/ug/security_iam_id-based-policy-examples.md index 810574ed1..381e9d3f3 100644 --- a//tnb/latest/ug/security_iam_id-based-policy-examples.md +++ b//tnb/latest/ug/security_iam_id-based-policy-examples.md @@ -36 +36 @@ Identity-based policies determine whether someone can create, access, or delete - * **Use conditions in IAM policies to further restrict access** – You can add a condition to your policies to limit access to actions and resources. For example, you can write a policy condition to specify that all requests must be sent using SSL. You can also use conditions to grant access to service actions if they are used through a specific AWS service, such as AWS CloudFormation. For more information, see [ IAM JSON policy elements: Condition](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) in the _IAM User Guide_. + * **Use conditions in IAM policies to further restrict access** – You can add a condition to your policies to limit access to actions and resources. For example, you can write a policy condition to specify that all requests must be sent using SSL. You can also use conditions to grant access to service actions if they are used through a specific AWS service, such as CloudFormation. For more information, see [ IAM JSON policy elements: Condition](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html) in the _IAM User Guide_. @@ -61 +61 @@ You create the service role and its permission policy with the IAM service. For -As a member of the platform team, you can as an administrator create an AWS TNB service role and provide it to AWS TNB. This role allows AWS TNB to make calls to other services such as Amazon Elastic Kubernetes Service and AWS CloudFormation to provision the required infrastructure for your network and provision network functions as defined in your NSD. +As a member of the platform team, you can as an administrator create an AWS TNB service role and provide it to AWS TNB. This role allows AWS TNB to make calls to other services such as Amazon Elastic Kubernetes Service and CloudFormation to provision the required infrastructure for your network and provision network functions as defined in your NSD. @@ -418 +418 @@ When you create an Amazon EKS node group resources in your NSD, you provide the -The following example shows a AWS CloudFormation template that creates a AWS TNB service role for the Amazon EKS node group policy. +The following example shows a CloudFormation template that creates a AWS TNB service role for the Amazon EKS node group policy. @@ -474 +474 @@ When you create an Amazon EKS resource in your NSD and you want to manage Multus -The following example shows a AWS CloudFormation template that creates a AWS TNB service role for a Multus policy. +The following example shows a CloudFormation template that creates a AWS TNB service role for a Multus policy. @@ -539 +539 @@ Your life-cycle hook policy should be based on what your life-cycle hook is atte -The following example shows a AWS CloudFormation template that creates a AWS TNB service role for a life-cycle hook policy. +The following example shows a CloudFormation template that creates a AWS TNB service role for a life-cycle hook policy.