AWS IAM documentation change
Summary
Updated AccessAnalyzerServiceRolePolicy with new s3express permissions for directory bucket access points
Security assessment
Expands service role permissions for enhanced analysis capabilities without indicating a security fix
Diff
diff --git a/IAM/latest/UserGuide/security-iam-awsmanpol.md b/IAM/latest/UserGuide/security-iam-awsmanpol.md index f144b3539..cd569bf92 100644 --- a/IAM/latest/UserGuide/security-iam-awsmanpol.md +++ b/IAM/latest/UserGuide/security-iam-awsmanpol.md @@ -163 +163 @@ This policy allows access to IAM Access Analyzer to analyze resource metadata fr - * **Amazon Simple Storage Service** – Allows permissions to view detailed information about Amazon S3 access points, buckets, and Amazon S3 directory buckets that use the Amazon S3 Express One storage class. + * **Amazon Simple Storage Service** – Allows permissions to view detailed information about Amazon S3 access points, buckets, Amazon S3 directory bucket access points, and directory buckets. @@ -263,0 +264,2 @@ This policy allows access to IAM Access Analyzer to analyze resource metadata fr + "s3express:GetAccessPoint", + "s3express:GetAccessPointPolicy", @@ -265,0 +268 @@ This policy allows access to IAM Access Analyzer to analyze resource metadata fr + "s3express:ListAccessPointsForDirectoryBuckets", @@ -569,0 +573 @@ Change | Description | Date +[AccessAnalyzerServiceRolePolicy](https://console.aws.amazon.com/iam/home#policies/AccessAnalyzerServiceRolePolicy) – Added permissions | IAM Access Analyzer added support for Amazon S3 directory bucket access points to the service-level permissions of `AccessAnalyzerServiceRolePolicy`. | March 31, 2025