AWS Security ChangesHomeSearch

AWS inspector documentation change

Service: inspector · 2025-03-26 · Documentation medium

File: inspector/latest/user/slr-permissions.md

Summary

Added new IAM policy statements for ECS ListClusters/ListTasks and EKS ListClusters access

Security assessment

Expands documentation for security permissions but does not indicate resolution of a security flaw.

Diff

diff --git a/inspector/latest/user/slr-permissions.md b/inspector/latest/user/slr-permissions.md
index 76fe7b216..cce7f7b3e 100644
--- a/inspector/latest/user/slr-permissions.md
+++ b/inspector/latest/user/slr-permissions.md
@@ -40,0 +41,2 @@ The permissions policy for the role, which is named `AmazonInspector2ServiceRole
+  * Use Amazon ECS and Amazon EKS actions to allow read-only access to view clusters and tasks and describe tasks.
+
@@ -318,0 +321,30 @@ The role is configured with the following permissions policy.
+    		},
+    		{
+    			"Sid": "AllowListAccessToECSAndEKS",
+    			"Effect": "Allow",
+    			"Action": [
+    			    "ecs:ListClusters",
+    			    "ecs:ListTasks",
+    			    "eks:ListClusters"
+    			],
+    			"Resource": [
+    			    "*"
+    			],
+    			"Condition": {
+    			    "StringEquals": {
+    			        "aws:ResourceAccount": "${aws:PrincipalAccount}"
+    			    }
+    			}
+    			},
+    			{
+    			"Sid": "AllowAccessToECSTasks",
+    			"Effect": "Allow",
+    			"Action": [
+    			    "ecs:DescribeTasks"
+    			],
+    			"Resource": "arn:aws:ecs:*:*:cluster/*",
+    			"Condition": {
+    			    "StringEquals": {
+    			        "aws:ResourceAccount": "${aws:PrincipalAccount}"
+    				}
+    			}