AWS IAM documentation change
Summary
Added requirement to delete all analyzers across all regions in AWS Organizations before deleting service-linked role
Security assessment
The change clarifies proper cleanup procedures for service-linked roles but does not address a specific security vulnerability. While improper role deletion could theoretically leave residual configurations, there's no explicit evidence of a security flaw being patched.
Diff
diff --git a/IAM/latest/UserGuide/access-analyzer-using-service-linked-roles.md b/IAM/latest/UserGuide/access-analyzer-using-service-linked-roles.md index d0d64a5e1..277ba3d3e 100644 --- a//IAM/latest/UserGuide/access-analyzer-using-service-linked-roles.md +++ b//IAM/latest/UserGuide/access-analyzer-using-service-linked-roles.md @@ -49,0 +50,2 @@ If you no longer need to use a feature or service that requires a service-linked +If IAM Access Analyzer is enabled in one or more regions in your AWS Organizations, you must delete all analyzers in all regions for your organization before attempting to delete this role. +