AWS codepipeline documentation change
Summary
Removed 'CodePipeline' from section titles and descriptions throughout the IAM policy documentation, making references more generic
Security assessment
These are stylistic/formatting changes that remove service name repetition but don't change security content, policy examples, or address any security vulnerabilities. The changes maintain the same security guidance about IAM policies, resource ARNs, and least privilege principles.
Diff
diff --git a/codepipeline/latest/userguide/security_iam_service-with-iam.md b/codepipeline/latest/userguide/security_iam_service-with-iam.md index f806007a5..c3339e9fe 100644 --- a//codepipeline/latest/userguide/security_iam_service-with-iam.md +++ b//codepipeline/latest/userguide/security_iam_service-with-iam.md @@ -61 +61 @@ The `Resource` JSON policy element specifies the object or objects to which the -#### CodePipeline resources and operations +#### resources and operations @@ -63 +63 @@ The `Resource` JSON policy element specifies the object or objects to which the -In CodePipeline, the primary resource is a pipeline. In a policy, you use an Amazon Resource Name (ARN) to identify the resource that the policy applies to. CodePipeline supports other resources that can be used with the primary resource, such as stages, actions, and custom actions. These are referred to as subresources. These resources and subresources have unique Amazon Resource Names (ARNs) associated with them. For more information about ARNs, see [Amazon Resource Names (ARN) and AWS service namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the _Amazon Web Services General Reference_. To get the pipeline ARN associated with your pipeline, you can find the pipeline ARN under **Settings** in the console. For more information, see [View the pipeline ARN and service role ARN (console)](./pipelines-settings-console.html). +In , the primary resource is a pipeline. In a policy, you use an Amazon Resource Name (ARN) to identify the resource that the policy applies to. supports other resources that can be used with the primary resource, such as stages, actions, and custom actions. These are referred to as subresources. These resources and subresources have unique Amazon Resource Names (ARNs) associated with them. For more information about ARNs, see [Amazon Resource Names (ARN) and AWS service namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the _Amazon Web Services General Reference_. To get the pipeline ARN associated with your pipeline, you can find the pipeline ARN under **Settings** in the console. For more information, see [View the pipeline ARN and service role ARN (console)](./pipelines-settings-console.html). @@ -71,2 +71,2 @@ Custom action | arn:aws:codepipeline:`region`:`account`:actiontype:`owner`/`cate -All CodePipeline resources | arn:aws:codepipeline:* -All CodePipeline resources owned by the specified account in the specified Region | arn:aws:codepipeline:`region`:`account`:* +All resources | arn:aws:codepipeline:* +All resources owned by the specified account in the specified Region | arn:aws:codepipeline:`region`:`account`:* @@ -76 +76 @@ All CodePipeline resources owned by the specified account in the specified Regio -Most services in AWS treat a colon (:) or a forward slash (/) as the same character in ARNs. However, CodePipeline uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the pipeline you want to match. +Most services in AWS treat a colon (:) or a forward slash (/) as the same character in ARNs. However, uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the pipeline you want to match. @@ -78 +78 @@ Most services in AWS treat a colon (:) or a forward slash (/) as the same charac -In CodePipeline, there are API calls that support resource-level permissions. Resource-level permissions indicate whether an API call can specify a resource ARN, or whether the API call can only specify all resources using the wildcard. See [CodePipeline permissions reference](./permissions-reference.html) for a detailed description of resource-level permissions and a listing of the CodePipeline API calls that support resource-level permissions. +In , there are API calls that support resource-level permissions. Resource-level permissions indicate whether an API call can specify a resource ARN, or whether the API call can only specify all resources using the wildcard. See [permissions reference](./permissions-reference.html) for a detailed description of resource-level permissions and a listing of the CodePipeline API calls that support resource-level permissions. @@ -99 +99 @@ When you create IAM policies, follow the standard security advice of granting le -Some CodePipeline API calls accept multiple resources (for example, `GetPipeline`). To specify multiple resources in a single statement, separate their ARNs with commas, as follows: +Some API calls accept multiple resources (for example, `GetPipeline`). To specify multiple resources in a single statement, separate their ARNs with commas, as follows: @@ -104 +104 @@ Some CodePipeline API calls accept multiple resources (for example, `GetPipeline -CodePipeline provides a set of operations to work with the CodePipeline resources. For a list of available operations, see [CodePipeline permissions reference](./permissions-reference.html). +provides a set of operations to work with the resources. For a list of available operations, see [permissions reference](./permissions-reference.html).