AWS prescriptive-guidance documentation change
Summary
Updated breadcrumb navigation, fixed capitalization of 'AWS Config Rules', removed brackets around 'least privilege model' link, changed 'AWS IAM Access Analyzer' to 'IAM Access Analyzer', and updated section title from 'Building your security architecture' to 'AWS SRA best practices checklist'.
Security assessment
Changes are editorial improvements and terminology updates. No security vulnerabilities or incidents are addressed. The mention of IAM Access Analyzer remains consistent with existing security best practices documentation.
Diff
diff --git a/prescriptive-guidance/latest/security-reference-architecture/iam-resources.md b/prescriptive-guidance/latest/security-reference-architecture/iam-resources.md index f189a6a59..84f63f775 100644 --- a//prescriptive-guidance/latest/security-reference-architecture/iam-resources.md +++ b//prescriptive-guidance/latest/security-reference-architecture/iam-resources.md @@ -3 +3 @@ -[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[AWS Security Reference Architecture](welcome.html) +[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[AWS Security Reference Architecture (AWS SRA) – core architecture](introduction.html) @@ -38 +38 @@ Notes from the table: - 3. Common baseline roles and policies are generally needed to enable automation, such as permissions for the pipeline, deployment tools, monitoring tools (for example, AWS Lambda and AWS Config rules), and other permissions. This configuration is typically delivered when the account is provisioned. + 3. Common baseline roles and policies are generally needed to enable automation, such as permissions for the pipeline, deployment tools, monitoring tools (for example, AWS Lambda and AWS Config Rules), and other permissions. This configuration is typically delivered when the account is provisioned. @@ -61 +61 @@ Notes from the table: -Ensuring that IAM identities have only those permissions that are necessary for a well-delineated set of tasks is critical for reducing the risk of malicious or unintentional abuse of permissions. Establishing and maintaining [a least privilege model](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege) requires a deliberate plan to continually update, evaluate, and mitigate excess privilege. Here are some additional recommendations for that plan: +Ensuring that IAM identities have only those permissions that are necessary for a well-delineated set of tasks is critical for reducing the risk of malicious or unintentional abuse of permissions. Establishing and maintaining a [least privilege model](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege) requires a deliberate plan to continually update, evaluate, and mitigate excess privilege. Here are some additional recommendations for that plan: @@ -75 +75 @@ Ensuring that IAM identities have only those permissions that are necessary for - * Use IAM access advisor, AWS CloudTrail, AWS IAM Access Analyzer, and related tooling to regularly analyze historical usage and permissions granted. Immediately remediate obvious over-permissions. + * Use IAM access advisor, AWS CloudTrail, IAM Access Analyzer, and related tooling to regularly analyze historical usage and permissions granted. Immediately remediate obvious over-permissions. @@ -90 +90 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Building your security architecture - A phased approach +AWS SRA best practices checklist