AWS notifications documentation change
Summary
Added detailed IAM policy example with ListNotificationConfigurations and conditional GetNotificationConfiguration based on resource tags
Security assessment
The change provides security documentation for implementing least-privilege access control using resource tags. While security-related, there's no evidence of addressing a specific vulnerability - this appears to be standard security guidance improvement.
Diff
diff --git a/notifications/latest/userguide/security_iam_id-based-policy-examples.md b/notifications/latest/userguide/security_iam_id-based-policy-examples.md index 2ea9245bf..4b31e6e53 100644 --- a//notifications/latest/userguide/security_iam_id-based-policy-examples.md +++ b//notifications/latest/userguide/security_iam_id-based-policy-examples.md @@ -90,0 +91,29 @@ You can use conditions in your identity-based policy to control access to User N +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Sid": "ListNotificationConfigurationsInConsole", + "Effect": "Allow", + "Action": "notifications:ListNotificationConfigurations", + "Resource": "*" + }, + { + "Sid": "ViewNotificationConfigurationIfOwner", + "Effect": "Allow", + "Action": "notifications:GetNotificationConfiguration", + "Resource": "arn:aws:notifications:*:*:configuration/*", + "Condition": { + "StringEquals": {"aws:ResourceTag/Owner": "${aws:username}"} + } + } + ] + } + +