AWS wellarchitected documentation change
Summary
Changed 'AWS CloudFormation' to 'CloudFormation' in cross-account role documentation
Security assessment
Terminology update without altering security guidance. The existing security recommendations about least-privilege and audit practices remain unchanged.
Diff
diff --git a/wellarchitected/2023-04-10/framework/sec_permissions_share_securely_third_party.md b/wellarchitected/2023-04-10/framework/sec_permissions_share_securely_third_party.md index 23c2ad973..887a2b9f7 100644 --- a//wellarchitected/2023-04-10/framework/sec_permissions_share_securely_third_party.md +++ b//wellarchitected/2023-04-10/framework/sec_permissions_share_securely_third_party.md @@ -64 +64 @@ Deprecate the use of long-term credentials and use cross-account roles or IAM Ro -The policy created for cross-account access in your accounts must follow the [least-privilege principle](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege). The third party must provide a role policy document or automated setup mechanism that uses an AWS CloudFormation template or an equivalent for you. This reduces the chance of errors associated with manual policy creation and offers an auditable trail. For more information on using a AWS CloudFormation template to create cross-account roles, see [Cross-Account Roles](https://aws.amazon.com/blogs/apn/tag/cross-account-roles/). +The policy created for cross-account access in your accounts must follow the [least-privilege principle](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege). The third party must provide a role policy document or automated setup mechanism that uses an AWS CloudFormation template or an equivalent for you. This reduces the chance of errors associated with manual policy creation and offers an auditable trail. For more information on using a CloudFormation template to create cross-account roles, see [Cross-Account Roles](https://aws.amazon.com/blogs/apn/tag/cross-account-roles/). @@ -66 +66 @@ The policy created for cross-account access in your accounts must follow the [le -The third party should provide an automated, auditable setup mechanism. However, by using the role policy document outlining the access needed, you should automate the setup of the role. Using a AWS CloudFormation template or equivalent, you should monitor for changes with drift detection as part of the audit practice. +The third party should provide an automated, auditable setup mechanism. However, by using the role policy document outlining the access needed, you should automate the setup of the role. Using a CloudFormation template or equivalent, you should monitor for changes with drift detection as part of the audit practice.