AWS mwaa documentation change
Summary
Updated references to Apache Airflow RBAC documentation and rephrased content for clarity.
Security assessment
Changes update links to current Airflow documentation and improve readability without introducing new security features or addressing vulnerabilities.
Diff
diff --git a/mwaa/latest/userguide/access-policies.md b/mwaa/latest/userguide/access-policies.md index 91c287b8e..fa783a97a 100644 --- a//mwaa/latest/userguide/access-policies.md +++ b//mwaa/latest/userguide/access-policies.md @@ -569 +569 @@ JSON -A user might need access to the `AmazonMWAAWebServerAccess` permissions policy if they need to access the Apache Airflow UI. It does not allow the user to access environments on the Amazon MWAA console or use the Amazon MWAA APIs to perform any actions. Specify the `Admin`, `Op`, `User`, `Viewer` or the `Public` role in `{airflow-role}` to customize the level of access for the user of the web token. For more information, refer to [Default Roles](https://airflow.apache.org/docs/apache-airflow/1.10.6/security.html?highlight=ldap#default-roles) in the _Apache Airflow reference guide_. +You might need access to the `AmazonMWAAWebServerAccess` permissions policy to access the Apache Airflow UI. This policy does not allow you to access environments on the Amazon MWAA console or use the Amazon MWAA APIs to perform any actions. Specify the `Admin`, `Op`, `User`, `Viewer` or the `Public` role in `{airflow-role}` to customize your level of access for the web token. For more information, see [Access control](https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/access-control.html) on the Apache Airflow website. @@ -594 +594 @@ JSON - * Amazon MWAA provides IAM integration with the five [default Apache Airflow role-based access control (RBAC) roles](https://airflow.apache.org/docs/apache-airflow/stable/security/access-control.html?highlight=roles). For more information about working with custom Apache Airflow roles, refer to [Tutorial: Restricting an Amazon MWAA user's access to a subset of DAGs](./limit-access-to-dags.html). + * Amazon MWAA provides IAM integration with the five default Apache Airflow role-based access control (RBAC) roles. For more information about working with custom Apache Airflow roles, see [Tutorial: Restricting an Amazon MWAA user's access to a subset of DAGs](./limit-access-to-dags.html). @@ -603 +603 @@ JSON -To access the Apache Airflow REST API, you must grant the `airflow:InvokeRestApi` permission in your IAM policy. In the following policy sample, specify the `Admin`, `Op`, `User`, `Viewer` or the `Public` role in `{airflow-role}` to customize the level of user access. For more information, refer to [Default Roles](https://airflow.apache.org/docs/apache-airflow/1.10.6/security.html?highlight=ldap#default-roles) in the _Apache Airflow reference guide_. +To access the Apache Airflow REST API, you must grant the `airflow:InvokeRestApi` permission in your IAM policy. In the following policy sample, specify the `Admin`, `Op`, `User`, `Viewer` or the `Public` role in `{airflow-role}` to customize the level of user access. For more information, see [Access control](https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/access-control.html) on the Apache Airflow website. @@ -737 +737 @@ Let's say you're using a group in IAM named `AirflowDevelopmentGroup` to apply p - 4. `{airflow-role}` – the `Admin` Apache Airflow [Default Role](https://airflow.apache.org/docs/apache-airflow/1.10.6/security.html?highlight=ldap#default-roles) + 4. `{airflow-role}` – the `Admin` Apache Airflow default role. For more information, see [Access control](https://airflow.apache.org/docs/apache-airflow-providers-fab/stable/auth-manager/access-control.html) on the Apache Airflow website.