AWS drs documentation change
Summary
Corrected terminology from 'attribute-based control (ABAC)' to 'attribute-based access control (ABAC)' and clarified that 'Amazon DRS' (not just 'Amazon') performs authorization for the drs:TagResource action.
Security assessment
The change clarifies the correct name of the ABAC security model and specifies the service responsible for authorization checks. This improves documentation of security features (access control) but does not indicate a fix for a specific security vulnerability.
Diff
diff --git a/drs/latest/userguide/supported-iam-actions-tagging.md b/drs/latest/userguide/supported-iam-actions-tagging.md index 68d268498..0b9a7beb0 100644 --- a//drs/latest/userguide/supported-iam-actions-tagging.md +++ b//drs/latest/userguide/supported-iam-actions-tagging.md @@ -9 +9 @@ -Some resource-creating Amazon DRS API actions allow you to specify tags when you create the resource. You can use resource tags to implement attribute-based control (ABAC). +Some resource-creating Amazon DRS API actions allow you to specify tags when you create the resource. You can use resource tags to implement attribute-based access control (ABAC). @@ -22 +22 @@ To allow users to tag resources on creation, they must have permissions to use t -If tags are specified in the resource-creating action, Amazon performs additional authorization on the `drs:TagResource` action to verify that users have permissions to create tags. Therefore, users must also have explicit permissions to use the `drs:TagResource` action. +If tags are specified in the resource-creating action, Amazon DRS performs additional authorization on the `drs:TagResource` action to verify that users have permissions to create tags. Therefore, users must also have explicit permissions to use the `drs:TagResource` action.