AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md

Summary

Formatting changes to policy examples and notes, including JSON compaction and note reformatting

Security assessment

Formatting adjustments to existing IAM policy examples. No security vulnerabilities addressed; changes maintain existing security guidance on least-privilege policies.

Diff

diff --git a/prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md b/prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md
index 0a933bb2d..e743889ef 100644
--- a//prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md
+++ b//prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md
@@ -15 +15 @@ For a list of CloudFormation specific actions and conditions, see [Actions, reso
-###### This section contains the following example policies:
+This section contains the following example policies:
@@ -33,2 +33 @@ View access is the least-privileged type of access to CloudFormation. This kind
-      "Statement": [
-        {
+        "Statement":[{
@@ -42,0 +42 @@ View access is the least-privileged type of access to CloudFormation. This kind
+        }]
@@ -44,3 +43,0 @@ View access is the least-privileged type of access to CloudFormation. This kind
-      ]
-    }
-    
@@ -52,3 +49,2 @@ The following sample policy allows IAM principals to create stacks by using only
-###### Important
-
-Allow the IAM principal to have read-only access to this S3 bucket. This helps prevent the IAM principal from adding, removing, or modifying the approved templates.
+Important: Allow the IAM principal to have read-only access to this S3 bucket. This helps prevent the IAM principal from adding, removing, or modifying the approved templates.  
+---  
@@ -62,3 +58 @@ Allow the IAM principal to have read-only access to this S3 bucket. This helps p
-          "Action": [
-            "cloudformation:CreateStack"
-          ],
+          "Action" : [ "cloudformation:CreateStack"],
@@ -83,2 +76 @@ To help protect specific CloudFormation stacks that provision business-critical
-      "Statement": [
-        {
+        "Statement":[{
@@ -91,2 +83 @@ To help protect specific CloudFormation stacks that provision business-critical
-        }
-      ]
+        }]
@@ -117,2 +107 @@ However, if you don't allow at least one IAM principal, a _privileged principal_
-      "Statement": [
-        {
+        "Statement":[{
@@ -127,3 +116 @@ However, if you don't allow at least one IAM principal, a _privileged principal_
-              "aws:PrincipalARN": [
-                "<ARN of the allowed privilege IAM principal>"
-              ]
+              		"aws:PrincipalARN" : [<ARN of the allowed privilege IAM principal>  ]
@@ -132,2 +119 @@ However, if you don't allow at least one IAM principal, a _privileged principal_
-        }
-      ]
+        }]