AWS Security ChangesHomeSearch

AWS neptune-analytics high security documentation change

Service: neptune-analytics · 2026-03-07 · Security-related high

File: neptune-analytics/latest/userguide/cross-service-confused-deputy-prevention.md

Summary

Added example IAM policy with source ARN/account conditions to prevent confused deputy attacks

Security assessment

The change directly addresses security by demonstrating how to prevent confused deputy attacks through IAM conditions, which is a known AWS cross-service security risk.

Diff

diff --git a/neptune-analytics/latest/userguide/cross-service-confused-deputy-prevention.md b/neptune-analytics/latest/userguide/cross-service-confused-deputy-prevention.md
index d2c854142..f8d2b321f 100644
--- a//neptune-analytics/latest/userguide/cross-service-confused-deputy-prevention.md
+++ b//neptune-analytics/latest/userguide/cross-service-confused-deputy-prevention.md
@@ -18,0 +19,32 @@ The following example shows how you can use the `aws:SourceArn` and `aws:SourceA
+JSON
+    
+
+****
+    
+    
+    
+    {
+      "Version":"2012-10-17",		 	 	 
+      "Statement": {
+        "Sid": "ConfusedDeputyPreventionExamplePolicy",
+        "Effect": "Allow",
+        "Principal": {
+          "Service": "neptune-graph.amazonaws.com"
+        },
+        "Action": "neptune-graph:CreateGraph",
+        "Resource": [
+          "arn:aws:neptune-graph:us-east-1:123456789012:graph/*"
+        ],
+        "Condition": {
+          "ArnLike": {
+            "aws:SourceArn": "arn:aws:neptune-graph:*:123456789012:*"
+          },
+          "StringEquals": {
+            "aws:SourceAccount": "123456789012"
+          }
+        }
+      }
+    }
+    
+    
+