AWS managedservices documentation change
Summary
Added 'IAM prerequisite' section requiring explicit permissions for AMS Accelerate capabilities and linked example IAM policies.
Security assessment
The change documents IAM permission requirements, which are security-related, but does not indicate a fix for a specific security issue.
Diff
diff --git a/managedservices/latest/accelerate-guide/acc-gs-prereqs.md b/managedservices/latest/accelerate-guide/acc-gs-prereqs.md index fd34fc422..13016dfee 100644 --- a/managedservices/latest/accelerate-guide/acc-gs-prereqs.md +++ b/managedservices/latest/accelerate-guide/acc-gs-prereqs.md @@ -5 +5 @@ -VPC endpointsOutbound internet connectivityTesting outbound connectivitySSM prerequisite +VPC endpointsOutbound internet connectivityTesting outbound connectivitySSM prerequisiteIAM prerequisite @@ -85,0 +86,4 @@ You must install the AWS Systems Manager Agent (SSM Agent) on all of the EC2 ins +## IAM in Accelerate + +To allow your users to read and configure AMS Accelerate capabilities, like accessing the AMS console or configuring backups, you must grant explicit permissions in AWS Identity and Access Management (IAM) to perform those actions. For example IAM policies, see [Permissions to use AMS features](https://docs.aws.amazon.com/managedservices/latest/accelerate-guide/acc-access-customer.html). +