AWS iot-device-defender documentation change
Summary
Added JSON example policy for IoT logging mitigation action requiring iot:SetV2LoggingOptions and iam:PassRole permissions
Security assessment
Documents required IAM permissions for a security feature (logging mitigation), but doesn't address any specific vulnerability. Shows proper implementation of security controls.
Diff
diff --git a/iot-device-defender/latest/devguide/dd-mitigation-actions.md b/iot-device-defender/latest/devguide/dd-mitigation-actions.md index f4231addc..42d35417a 100644 --- a//iot-device-defender/latest/devguide/dd-mitigation-actions.md +++ b//iot-device-defender/latest/devguide/dd-mitigation-actions.md @@ -489,0 +490,29 @@ ENABLE_IOT_LOGGING | + +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iot:SetV2LoggingOptions" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "iam:PassRole" + ], + "Resource": "arn:aws:iam::123456789012:role/IoTLoggingRole" + } + ] + } + +