AWS ssm-sap documentation change
Summary
Removed documentation about December 2024 policy update that added EC2 describe permissions for discovery functionality
Security assessment
Change removes documentation about previous policy expansion but doesn't indicate any security vulnerability or weakness being addressed
Diff
diff --git a/ssm-sap/latest/userguide/iam-policies.md b/ssm-sap/latest/userguide/iam-policies.md index 718fba8e7..9c9942aa9 100644 --- a/ssm-sap/latest/userguide/iam-policies.md +++ b/ssm-sap/latest/userguide/iam-policies.md @@ -115,9 +114,0 @@ Change | Description | Date -[AWSSSMForSAPServiceLinkedRolePolicy](https://docs.aws.amazon.com/ssm-sap/latest/userguide/slr.html#slr-permissions) – Updated policy | The following permissions have been added to `DescribeInstanceActions` within this policy: - - * `ec2:DescribeRouteTables` - * `ec2:DescribeInstanceTypes` - * `ec2:DescribeVolumes` - * `ec2:DescribeInstanceAttribute` - * `ec2:DescribeSnapshots` - -These permissions are required to support new functionality that allows users to run discovery on workloads. | December 20, 2024