AWS prescriptive-guidance documentation change
Summary
Formatting changes to policy examples and notes, including JSON compaction and note reformatting
Security assessment
Formatting adjustments to existing IAM policy examples. No security vulnerabilities addressed; changes maintain existing security guidance on least-privilege policies.
Diff
diff --git a/prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md b/prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md index 0a933bb2d..e743889ef 100644 --- a//prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md +++ b//prescriptive-guidance/latest/least-privilege-cloudformation/sample-id-policies-for-cloudformation.md @@ -15 +15 @@ For a list of CloudFormation specific actions and conditions, see [Actions, reso -###### This section contains the following example policies: +This section contains the following example policies: @@ -33,2 +33 @@ View access is the least-privileged type of access to CloudFormation. This kind - "Statement": [ - { + "Statement":[{ @@ -42,0 +42 @@ View access is the least-privileged type of access to CloudFormation. This kind + }] @@ -44,3 +43,0 @@ View access is the least-privileged type of access to CloudFormation. This kind - ] - } - @@ -52,3 +49,2 @@ The following sample policy allows IAM principals to create stacks by using only -###### Important - -Allow the IAM principal to have read-only access to this S3 bucket. This helps prevent the IAM principal from adding, removing, or modifying the approved templates. +Important: Allow the IAM principal to have read-only access to this S3 bucket. This helps prevent the IAM principal from adding, removing, or modifying the approved templates. +--- @@ -62,3 +58 @@ Allow the IAM principal to have read-only access to this S3 bucket. This helps p - "Action": [ - "cloudformation:CreateStack" - ], + "Action" : [ "cloudformation:CreateStack"], @@ -83,2 +76 @@ To help protect specific CloudFormation stacks that provision business-critical - "Statement": [ - { + "Statement":[{ @@ -91,2 +83 @@ To help protect specific CloudFormation stacks that provision business-critical - } - ] + }] @@ -117,2 +107 @@ However, if you don't allow at least one IAM principal, a _privileged principal_ - "Statement": [ - { + "Statement":[{ @@ -127,3 +116 @@ However, if you don't allow at least one IAM principal, a _privileged principal_ - "aws:PrincipalARN": [ - "<ARN of the allowed privilege IAM principal>" - ] + "aws:PrincipalARN" : [<ARN of the allowed privilege IAM principal> ] @@ -132,2 +119 @@ However, if you don't allow at least one IAM principal, a _privileged principal_ - } - ] + }]