AWS awsconsolehelpdocs documentation change
Summary
Added guidance for dual-stack domains in IAM policies, recommending both IPv4/IPv6 CIDR blocks in aws:SourceIp conditions
Security assessment
The change documents security best practices for access control in dual-stack environments. While not fixing a specific vulnerability, it proactively addresses potential misconfigurations that could cause access denials, enhancing security posture documentation.
Diff
diff --git a/awsconsolehelpdocs/latest/gsg/troubleshooting.md b/awsconsolehelpdocs/latest/gsg/troubleshooting.md index efd390021..1bc99d116 100644 --- a//awsconsolehelpdocs/latest/gsg/troubleshooting.md +++ b//awsconsolehelpdocs/latest/gsg/troubleshooting.md @@ -73,0 +74,2 @@ We recommend you review the IAM policies that contain the `aws:SourceIp` or `aws +Some AWS Management Console features use dual-stack domains that support both IPv4 and IPv6 connections. If your IAM policy restricts access using `aws:SourceIp` with only IPv4 CIDR blocks, requests might fail when your operating system prefers IPv6 connections (or vice versa). To avoid this, include both IPv4 and IPv6 CIDR blocks in your `aws:SourceIp` condition. For more information, see [aws:SourceIp](https://docs.aws.amazon.com//IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceip) in the _AWS Identity and Access Management User Guide_. +