You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Per AWS
Description
We are contacting you because AWS Identity and Access Management (IAM) is changing how it validates IAM resource ARNs that are passed to IAM APIs. You may need to take action to update parameters that you pass to IAM APIs in your AWS account. Please refer to the 'Affected resources' tab for a list of IAM APIs for which you may have to update parameters.
In our effort to constantly improve security, IAM has recently started to strictly validate all elements of an IAM resource ARN that you pass as a parameter to an IAM API call. The input ARN must now meet the following conditions:
The partition name must match the partition of the AWS account from where you are calling the API.
The service name must be 'iam'.
The region code must be blank, as IAM resources are global.
The resource type must be a valid IAM resource type [1].
There must not be any trailing spaces in the ARN.
Additionally, we recommend you ensure that the resource ARN strings you pass to IAM APIs and/or use in IAM policies exactly match the resource ARN of your intended resource. Any mismatch in the ARN strings may lead to API errors or unexpected authorization decisions.
To ensure workflow continuity, we have allow-listed your account for IAM API calls that violated one or more of the previously specified input ARN validations.
We recommend that you review and update your IAM API calls and relevant IAM policies in your AWS account by January 31, 2025 to ensure that input ARNs align with the specified validations. After this date, the specified ARN validations will be enforced in your AWS account.
Effected Resource: IAM Policy AttachUserPolicy
The text was updated successfully, but these errors were encountered:
Per AWS
Description
We are contacting you because AWS Identity and Access Management (IAM) is changing how it validates IAM resource ARNs that are passed to IAM APIs. You may need to take action to update parameters that you pass to IAM APIs in your AWS account. Please refer to the 'Affected resources' tab for a list of IAM APIs for which you may have to update parameters.
In our effort to constantly improve security, IAM has recently started to strictly validate all elements of an IAM resource ARN that you pass as a parameter to an IAM API call. The input ARN must now meet the following conditions:
Additionally, we recommend you ensure that the resource ARN strings you pass to IAM APIs and/or use in IAM policies exactly match the resource ARN of your intended resource. Any mismatch in the ARN strings may lead to API errors or unexpected authorization decisions.
To ensure workflow continuity, we have allow-listed your account for IAM API calls that violated one or more of the previously specified input ARN validations.
We recommend that you review and update your IAM API calls and relevant IAM policies in your AWS account by January 31, 2025 to ensure that input ARNs align with the specified validations. After this date, the specified ARN validations will be enforced in your AWS account.
Effected Resource: IAM Policy AttachUserPolicy
The text was updated successfully, but these errors were encountered: