AWS deadline-cloud documentation change
Summary
Expanded permissions for 'deadline' action to include assuming fleet roles and tagging workers. Added changelog entry for new TagResource/ListTagsForResource actions.
Security assessment
The change adds documentation about tag management permissions (TagResource/ListTagsForResource) and role assumption capabilities in a managed policy. While these relate to access control and resource governance, there is no evidence of addressing a specific security vulnerability. The update enhances security documentation by clarifying permissions required for tag-based resource management.
Diff
diff --git a/deadline-cloud/latest/developerguide/security-iam-awsmanpol.md b/deadline-cloud/latest/developerguide/security-iam-awsmanpol.md index fdd92e3ac..31c769d38 100644 --- a//deadline-cloud/latest/developerguide/security-iam-awsmanpol.md +++ b//deadline-cloud/latest/developerguide/security-iam-awsmanpol.md @@ -44 +44 @@ This policy includes the following permissions: - * `deadline` – Allows principals to create workers. + * `deadline` – Allows the user to create workers, assume the fleet role for workers, and apply tags to workers @@ -140,0 +141 @@ Change | Description | Date +AWSDeadlineCloud-WorkerHost – Change | Deadline Cloud added new actions `deadline:TagResource` and `deadline:ListTagsForResource` to allow you to add and view tags associated with workers in your fleet. | May 30, 2025