AWS awssupport documentation change
Summary
Added documentation about AWSServiceRoleForSupport enabling CloudTrail visibility for Support API calls
Security assessment
Explicitly documents how the service-linked role supports security monitoring through CloudTrail integration, but does not address a specific vulnerability
Diff
diff --git a/awssupport/latest/user/using-service-linked-roles-sup.md b/awssupport/latest/user/using-service-linked-roles-sup.md index 59f6bd0a8..07ead13ae 100644 --- a/awssupport/latest/user/using-service-linked-roles-sup.md +++ b/awssupport/latest/user/using-service-linked-roles-sup.md @@ -22,0 +23,2 @@ AWS Trusted Advisor uses a separate IAM service-linked role to access AWS resour +The `AWSServiceRoleForSupport` service-linked role enables all AWS Support API calls to be visible to customers through AWS CloudTrail. This helps with monitoring and auditing requirements, because it provides a transparent way to understand the actions that Support performs on your behalf. For information about CloudTrail, see the [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). +