AWS AWSEC2 medium security documentation change
Summary
Updated service-linked role policy documentation with improved explanations and condition operator change (StringLike to ArnLike)
Security assessment
The change from StringLike to ArnLike condition operator represents a security hardening measure by using more precise permission scoping. The documentation update explicitly calls out this security-related policy improvement.
Diff
diff --git a/AWSEC2/latest/UserGuide/security-iam-awsmanpol.md index 007e5f71f..079713bae 100644 --- a/AWSEC2/latest/UserGuide/security-iam-awsmanpol.md +++ b/AWSEC2/latest/UserGuide/security-iam-awsmanpol.md @@ -29 +29 @@ To view the permissions for this policy, see [AmazonEC2ReadOnlyAccess](https://d -This policy is attached to the service-linked role named **AWSServiceRoleForEC2CapacityReservationFleet** to allow Capacity Reservations to create, modify, and cancel Capacity Reservations on your behalf. For more information, see [Service-linked role for Capacity Reservation Fleet](./using-service-linked-roles.html). +This policy is attached to the service-linked role named **AWSServiceRoleForEC2CapacityReservationFleet** to allow the service to create, modify, and cancel Capacity Reservations in a Capacity Reservation Fleet on your behalf. For more information, see [Using service-linked roles for Capacity Reservation Fleet](./using-service-linked-roles.html). @@ -97,0 +98 @@ Change | Description | Date +AWSEC2CapacityReservationFleetRolePolicy – Updated permissions | Amazon EC2 updated the `AWSEC2CapacityReservationFleetRolePolicy` managed policy to use the `ArnLike` condition operator instead of the `StringLike` condition operator. | March 03, 2025