AWS Security ChangesHomeSearch

AWS deadline-cloud documentation change

Service: deadline-cloud · 2025-05-03 · Documentation low

File: deadline-cloud/latest/developerguide/security-iam-awsmanpol.md

Summary

Expanded permissions for 'deadline' action to include assuming fleet roles and tagging workers. Added changelog entry for new TagResource/ListTagsForResource actions.

Security assessment

The change adds documentation about tag management permissions (TagResource/ListTagsForResource) and role assumption capabilities in a managed policy. While these relate to access control and resource governance, there is no evidence of addressing a specific security vulnerability. The update enhances security documentation by clarifying permissions required for tag-based resource management.

Diff

diff --git a/deadline-cloud/latest/developerguide/security-iam-awsmanpol.md b/deadline-cloud/latest/developerguide/security-iam-awsmanpol.md
index fdd92e3ac..31c769d38 100644
--- a//deadline-cloud/latest/developerguide/security-iam-awsmanpol.md
+++ b//deadline-cloud/latest/developerguide/security-iam-awsmanpol.md
@@ -44 +44 @@ This policy includes the following permissions:
-  * `deadline` – Allows principals to create workers.
+  * `deadline` – Allows the user to create workers, assume the fleet role for workers, and apply tags to workers
@@ -140,0 +141 @@ Change | Description | Date
+AWSDeadlineCloud-WorkerHost – Change |  Deadline Cloud added new actions `deadline:TagResource` and `deadline:ListTagsForResource` to allow you to add and view tags associated with workers in your fleet. | May 30, 2025