AWS resource-explorer documentation change
Summary
Expanded AWSResourceExplorerServiceRolePolicy permissions to include 25+ new resource types and updated policy reference links.
Security assessment
Documents expanded IAM policy permissions which are security-related configurations, but the change represents capability expansion rather than addressing a specific security vulnerability. The update enhances security documentation by clarifying role permissions.
Diff
diff --git a/resource-explorer/latest/userguide/security_iam_awsmanpol.md b/resource-explorer/latest/userguide/security_iam_awsmanpol.md index e74ea06b3..6a210d0c0 100644 --- a/resource-explorer/latest/userguide/security_iam_awsmanpol.md +++ b/resource-explorer/latest/userguide/security_iam_awsmanpol.md @@ -97 +97 @@ This policy grants the permissions required for Resource Explorer to retrieve in -To see the latest version of this AWS managed policy, see `[AWSResourceExplorerServiceRolePolicy](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy)` in the IAM console. +To see the latest version of this AWS managed policy, see `[AWSResourceExplorerServiceRolePolicy](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy)` in the IAM console or [`AWSResourceExplorerServiceRolePolicy`](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerServiceRolePolicy.html) in the _AWS Managed Policy Reference Guide_. @@ -151,0 +152,39 @@ Change | Description | Date +AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view additional resource types | Resource Explorer modified the permissions in the service-linked role policy AWSResourceExplorerServiceRolePolicy. Permissions were added that allows Resource Explorer to view additional resource types: + + * `appconfig:listapplications` + * `appconfig:listdeploymentstrategies` + * `ce:getanomalymonitors` + * `ce:getanomalysubscriptions` + * `cloudformation:listresources` + * `cloudfront:listcontinuousdeploymentpolicies` + * `cloudtrail:listchannels` + * `codedeploy:listapplications` + * `codedeploy:listdeploymentconfigs` + * `events:listarchives` + * `events:listendpoints` + * `gamelift:listlocations` + * `groundstation:listmissionprofiles` + * `inspector:listassessmenttemplates` + * `iot:listcacertificates` + * `iot:listcertificates` + * `iotdeviceadvisor:listsuitedefinitions` + * `iotfleetwise:listdecodermanifests` + * `iotfleetwise:listmodelmanifests` + * `iotfleetwise:listsignalcatalogs` + * `lightsail:getbuckets` + * `lightsail:getcertificates` + * `managedblockchain:listaccessors` + * `oam:listsinks` + * `omics:listreferencestores` + * `omics:listrungroups` + * `omics:listworkflows` + * `personalize:listsolutions` + * `pipes:listpipes` + * `scheduler:listschedulegroups` + * `scheduler:listschedules` + * `schemas:listdiscoverers` + * `transfer:listcertificates` + * `transfer:listconnectors` + * `transfer:listprofiles` + +| March 21, 2025