AWS Security ChangesHomeSearch

AWS privateca medium security documentation change

Service: privateca · 2025-11-22 · Security-related medium

File: privateca/latest/userguide/pca-rbp.md

Summary

Modified IAM policy examples to use certificate authority ARNs without certificate-specific paths

Security assessment

Corrects IAM resource ARNs to scope permissions at the CA level rather than individual certificates. This prevents potential over-permission issues where policies might inadvertently grant certificate-level access when CA-level was intended, improving least-privilege adherence.

Diff

diff --git a/privateca/latest/userguide/pca-rbp.md b/privateca/latest/userguide/pca-rbp.md
index 0843835cc..62e570081 100644
--- a//privateca/latest/userguide/pca-rbp.md
+++ b//privateca/latest/userguide/pca-rbp.md
@@ -83 +83 @@ JSON
-                "Resource": "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/CA_ID/certificate/certificate_ID"
+                "Resource": "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/CA_ID"
@@ -94 +94 @@ JSON
-                "Resource": "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/CA_ID/certificate/certificate_ID",
+                "Resource": "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/CA_ID",