AWS wellarchitected documentation change
Summary
Updated references from 'AWS CloudFormation template' to 'CloudFormation template' in third-party access guidance
Security assessment
Branding consistency update without altering security recommendations. The existing security advice about least privilege and audit practices remains unchanged.
Diff
diff --git a/wellarchitected/2023-10-03/framework/sec_permissions_share_securely_third_party.md b/wellarchitected/2023-10-03/framework/sec_permissions_share_securely_third_party.md index 867f6bc16..7ee8316b2 100644 --- a//wellarchitected/2023-10-03/framework/sec_permissions_share_securely_third_party.md +++ b//wellarchitected/2023-10-03/framework/sec_permissions_share_securely_third_party.md @@ -64 +64 @@ Deprecate the use of long-term credentials and use cross-account roles or IAM Ro -The policy created for cross-account access in your accounts must follow the [least-privilege principle](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege). The third party must provide a role policy document or automated setup mechanism that uses an AWS CloudFormation template or an equivalent for you. This reduces the chance of errors associated with manual policy creation and offers an auditable trail. For more information on using a AWS CloudFormation template to create cross-account roles, see [Cross-Account Roles](https://aws.amazon.com/blogs/apn/tag/cross-account-roles/). +The policy created for cross-account access in your accounts must follow the [least-privilege principle](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege). The third party must provide a role policy document or automated setup mechanism that uses an AWS CloudFormation template or an equivalent for you. This reduces the chance of errors associated with manual policy creation and offers an auditable trail. For more information on using a CloudFormation template to create cross-account roles, see [Cross-Account Roles](https://aws.amazon.com/blogs/apn/tag/cross-account-roles/). @@ -66 +66 @@ The policy created for cross-account access in your accounts must follow the [le -The third party should provide an automated, auditable setup mechanism. However, by using the role policy document outlining the access needed, you should automate the setup of the role. Using a AWS CloudFormation template or equivalent, you should monitor for changes with drift detection as part of the audit practice. +The third party should provide an automated, auditable setup mechanism. However, by using the role policy document outlining the access needed, you should automate the setup of the role. Using a CloudFormation template or equivalent, you should monitor for changes with drift detection as part of the audit practice.