AWS aws-backup documentation change
Summary
Added a JSON example for an IAM policy allowing the iam:PassRole action
Security assessment
The change adds documentation about securely delegating permissions using IAM roles. While this demonstrates a security feature (role delegation), there's no evidence of addressing a specific vulnerability. The example shows proper implementation of a security control.
Diff
diff --git a/aws-backup/latest/devguide/security-iam-awsmanpol.md b/aws-backup/latest/devguide/security-iam-awsmanpol.md index bd8297425..cec902e2f 100644 --- a//aws-backup/latest/devguide/security-iam-awsmanpol.md +++ b//aws-backup/latest/devguide/security-iam-awsmanpol.md @@ -326,0 +327,21 @@ For EC2 instance restores, you must also include the following permissions to la +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Sid": "AllowPassRole", + "Action": "iam:PassRole", + "Resource": "arn:aws:iam::123456789012:role/role-name", + "Effect": "Allow" + } + ] + } + + +