AWS memorydb medium security documentation change
Summary
Updated link to IAM condition operator documentation and emphasized case insensitivity for 'Deny' policies
Security assessment
The change explicitly recommends using StringEqualsIgnoreCase in 'Deny' policies to prevent case-sensitive policy bypasses, addressing a potential misconfiguration risk.
Diff
diff --git a/memorydb/latest/devguide/security_iam_service-with-iam.md b/memorydb/latest/devguide/security_iam_service-with-iam.md index 98f068da2..28daf55b9 100644 --- a//memorydb/latest/devguide/security_iam_service-with-iam.md +++ b//memorydb/latest/devguide/security_iam_service-with-iam.md @@ -221 +221 @@ JSON -In cases where you are setting ‘Deny’ based policies, it is recommended to use the [StringEqualsIgnoreCase](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String) operator to avoid all calls with a specific user authentication mode type irrespective of the case. +In cases where you are setting ‘Deny’ based policies, it is recommended to use the [StringEqualsIgnoreCase](https://docs.aws.amazon.com//IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String) operator to avoid all calls with a specific user authentication mode type irrespective of the case.