AWS prescriptive-guidance documentation change
Summary
Updated image path and added italics formatting in authorization example.
Security assessment
Formatting tweaks and image relocation; no changes to ABAC/RBAC security policies or vulnerability mitigations.
Diff
diff --git a/prescriptive-guidance/latest/saas-multitenant-api-access-authorization/avp-mt-abac-examples.md b/prescriptive-guidance/latest/saas-multitenant-api-access-authorization/avp-mt-abac-examples.md index dd7a82097..7b22e224b 100644 --- a//prescriptive-guidance/latest/saas-multitenant-api-access-authorization/avp-mt-abac-examples.md +++ b//prescriptive-guidance/latest/saas-multitenant-api-access-authorization/avp-mt-abac-examples.md @@ -13 +13 @@ Using the Per Tenant Policy Store design pattern is a best practice for maintain - + @@ -45 +45 @@ This second policy mandates that principals that are a part of the `viewDataRole -The authorization request made from Tenant A needs to be sent to the `DATAMICROSERVICE_POLICYSTORE_A` policy store and verified by the policies that belong to that store. In this case, it's verified by the first policy discussed earlier as part of this example. In this authorization request, the principal of type `User` with a value of `Alice` is requesting to perform the `viewData` action. The principal belongs to the group `allAccessRole` of type `Role`. Alice is trying to perform the `viewData` action on the `SampleData` resource. Because Alice has the `allAccessRole` role, this evaluation results in an `ALLOW` decision. +The authorization request made from Tenant A needs to be sent to the `DATAMICROSERVICE_POLICYSTORE_A` policy store and verified by the policies that belong to that store. In this case, it's verified by the first policy discussed earlier as part of this example. In this authorization request, the principal of type `User` with a value of `Alice` is requesting to perform the `viewData` action _._ The principal belongs to the group `allAccessRole` of type `Role`. Alice is trying to perform the `viewData` action on the `SampleData` resource _._ Because Alice has the `allAccessRole` role, this evaluation results in an `ALLOW` decision.