AWS quicksuite medium security documentation change
Summary
Removed iam:AttachRolePolicy and iam:DetachRolePolicy permissions from multiple IAM policy examples
Security assessment
Removing these permissions enforces least privilege by preventing policy attachment/detachment. This directly addresses privilege escalation risks by reducing over-permissive policies.
Diff
diff --git a/quicksuite/latest/userguide/iam-policy-examples.md b/quicksuite/latest/userguide/iam-policy-examples.md index 8d7264d8a..ebd87dd44 100644 --- a//quicksuite/latest/userguide/iam-policy-examples.md +++ b//quicksuite/latest/userguide/iam-policy-examples.md @@ -35,2 +34,0 @@ The following example shows the IAM permissions needed for Amazon Quick Suite IA - "iam:AttachRolePolicy", - "iam:DetachRolePolicy", @@ -202,2 +199,0 @@ The following example shows a policy that allows Amazon Quick Suite admins to cr - "iam:AttachRolePolicy", - "iam:DetachRolePolicy", @@ -329,2 +324,0 @@ This example explicitly denies permission to unsubscribe from Amazon Quick Suite - "iam:AttachRolePolicy", - "iam:DetachRolePolicy", @@ -393,2 +386,0 @@ This example explicitly denies permission to unsubscribe from Amazon Quick Suite - "iam:AttachRolePolicy", - "iam:DetachRolePolicy",