AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-03-10 · Documentation low

File: AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.md

Summary

Clarified IAM role creation process when activating trusted access with Organizations

Security assessment

Enhanced documentation about service-linked role creation for permissions management, which describes security features but does not indicate response to a specific security issue

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.md
index 6e202f125..6130a2983 100644
--- a/AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.md
+++ b/AWSCloudFormation/latest/UserGuide/stacksets-orgs-activate-trusted-access.md
@@ -13 +13 @@ Before you create a stack set with service-managed permissions, you must first c
-  * Activate trusted access with AWS Organizations. After trusted access is activated, StackSets creates the necessary IAM roles in the organization's management account and target (member) accounts when you create stack sets with service-managed permissions.
+  * Activate trusted access with AWS Organizations. This action allows CloudFormation to create a service-linked role in the management account. After trusted access is activated, when you create a stack set with service-managed permissions, CloudFormation creates both the necessary service-linked role and a service role named `stacksets-exec-*` in the target (member) accounts.