AWS eventbridge documentation change
Summary
Added clarification about the 'events:ManagedBy' condition key usage for AWS-managed rules.
Security assessment
Documents IAM condition key usage for scoping permissions to AWS-managed rules, enhancing security posture awareness. No specific vulnerability is addressed.
Diff
diff --git a/eventbridge/latest/userguide/eb-use-conditions.md b/eventbridge/latest/userguide/eb-use-conditions.md index 54521aa31..0e7110853 100644 --- a//eventbridge/latest/userguide/eb-use-conditions.md +++ b//eventbridge/latest/userguide/eb-use-conditions.md @@ -39 +39 @@ events:eventBusInvocation | `"events:eventBusInvocation":"`boolean`"` For `bool -events:ManagedBy | Used internally by AWS services. For a rule created by an AWS service on your behalf, the value is the principal name of the service that created the rule. | Not intended for use in customer policies. +events:ManagedBy | Used internally by AWS services. For a rule created by an AWS service on your behalf, the value is the principal name of the service that created the rule. | Used to scope permissions to rules created by AWS services on your behalf (managed rules). For example, the `AmazonS3FilesFullAccess` managed policy uses this key to allow creation of only managed EventBridge rules.