AWS Security ChangesHomeSearch

AWS IAM documentation change

Service: IAM · 2025-04-23 · Documentation low

File: IAM/latest/UserGuide/access-analyzer-using-service-linked-roles.md

Summary

Added requirement to delete all analyzers across all regions in AWS Organizations before deleting service-linked role

Security assessment

The change clarifies proper cleanup procedures for service-linked roles but does not address a specific security vulnerability. While improper role deletion could theoretically leave residual configurations, there's no explicit evidence of a security flaw being patched.

Diff

diff --git a/IAM/latest/UserGuide/access-analyzer-using-service-linked-roles.md b/IAM/latest/UserGuide/access-analyzer-using-service-linked-roles.md
index d0d64a5e1..277ba3d3e 100644
--- a//IAM/latest/UserGuide/access-analyzer-using-service-linked-roles.md
+++ b//IAM/latest/UserGuide/access-analyzer-using-service-linked-roles.md
@@ -49,0 +50,2 @@ If you no longer need to use a feature or service that requires a service-linked
+If IAM Access Analyzer is enabled in one or more regions in your AWS Organizations, you must delete all analyzers in all regions for your organization before attempting to delete this role.
+