AWS autoscaling documentation change
Summary
Updated documentation to consistently use full 'Amazon EC2 Auto Scaling group' terminology instead of 'Auto Scaling group' in trust policy examples and explanations
Security assessment
Changes are terminological updates for consistency rather than addressing security vulnerabilities. The content maintains existing security guidance about cross-service access restrictions but doesn't introduce new security features or address specific vulnerabilities.
Diff
diff --git a/autoscaling/ec2/userguide/cross-service-confused-deputy-prevention.md b/autoscaling/ec2/userguide/cross-service-confused-deputy-prevention.md index b42b056f8..d687ab496 100644 --- a//autoscaling/ec2/userguide/cross-service-confused-deputy-prevention.md +++ b//autoscaling/ec2/userguide/cross-service-confused-deputy-prevention.md @@ -23 +23 @@ The following example shows how you can use the `aws:SourceArn` and `aws:SourceA -A role that a service assumes to perform actions on your behalf is called a [service role](./control-access-using-iam.html#security_iam_service-with-iam-roles-service). In cases where you want to create lifecycle hooks that send notifications to anywhere other than Amazon EventBridge, you must create a service role to allow Amazon EC2 Auto Scaling to send notifications to an Amazon SNS topic or Amazon SQS queue on your behalf. If you want only one Auto Scaling group to be associated with the cross-service access, you can specify the trust policy of the service role as follows. +A role that a service assumes to perform actions on your behalf is called a [service role](./control-access-using-iam.html#security_iam_service-with-iam-roles-service). In cases where you want to create lifecycle hooks that send notifications to anywhere other than Amazon EventBridge, you must create a service role to allow Amazon EC2 Auto Scaling to send notifications to an Amazon SNS topic or Amazon SQS queue on your behalf. If you want only one Amazon EC2 Auto Scaling group to be associated with the cross-service access, you can specify the trust policy of the service role as follows. @@ -25 +25 @@ A role that a service assumes to perform actions on your behalf is called a [ser -This example trust policy uses condition statements to limit the `AssumeRole` capability on the service role to only the actions that affect the specified Auto Scaling group in the specified account. The `aws:SourceArn` and `aws:SourceAccount` conditions are evaluated independently. Any request to use the service role must satisfy both conditions. +This example trust policy uses condition statements to limit the `AssumeRole` capability on the service role to only the actions that affect the specified Amazon EC2 Auto Scaling group in the specified account. The `aws:SourceArn` and `aws:SourceAccount` conditions are evaluated independently. Any request to use the service role must satisfy both conditions. @@ -80 +80 @@ Identity-based policy examples -Control Amazon EC2 launch template usage in Auto Scaling groups +Control Amazon EC2 launch template usage in Amazon EC2 Auto Scaling groups