AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-04-01 · Documentation low

File: IAM/latest/UserGuide/security-iam-awsmanpol.md

Summary

Updated AccessAnalyzerServiceRolePolicy with new s3express permissions for directory bucket access points

Security assessment

Expands service role permissions for enhanced analysis capabilities without indicating a security fix

Diff

diff --git a/IAM/latest/UserGuide/security-iam-awsmanpol.md b/IAM/latest/UserGuide/security-iam-awsmanpol.md
index f144b3539..cd569bf92 100644
--- a/IAM/latest/UserGuide/security-iam-awsmanpol.md
+++ b/IAM/latest/UserGuide/security-iam-awsmanpol.md
@@ -163 +163 @@ This policy allows access to IAM Access Analyzer to analyze resource metadata fr
-  * **Amazon Simple Storage Service** – Allows permissions to view detailed information about Amazon S3 access points, buckets, and Amazon S3 directory buckets that use the Amazon S3 Express One storage class.
+  * **Amazon Simple Storage Service** – Allows permissions to view detailed information about Amazon S3 access points, buckets, Amazon S3 directory bucket access points, and directory buckets.
@@ -263,0 +264,2 @@ This policy allows access to IAM Access Analyzer to analyze resource metadata fr
+            "s3express:GetAccessPoint",
+            "s3express:GetAccessPointPolicy",
@@ -265,0 +268 @@ This policy allows access to IAM Access Analyzer to analyze resource metadata fr
+            "s3express:ListAccessPointsForDirectoryBuckets",
@@ -569,0 +573 @@ Change | Description | Date
+[AccessAnalyzerServiceRolePolicy](https://console.aws.amazon.com/iam/home#policies/AccessAnalyzerServiceRolePolicy) – Added permissions | IAM Access Analyzer added support for Amazon S3 directory bucket access points to the service-level permissions of `AccessAnalyzerServiceRolePolicy`. | March 31, 2025