AWS Security ChangesHomeSearch

AWS tnb documentation change

Service: tnb · 2025-05-03 · Documentation low

File: tnb/latest/ug/security_iam_id-based-policy-examples.md

Summary

Added SSM (Systems Manager Parameter Store) actions and resource ARN to AWS TNB service role policy

Security assessment

The change expands IAM policy permissions to include SSM parameter operations, which are security-relevant as they govern access to sensitive configuration data. However, there is no evidence this addresses a specific security vulnerability.

Diff

diff --git a/tnb/latest/ug/security_iam_id-based-policy-examples.md b/tnb/latest/ug/security_iam_id-based-policy-examples.md
index bdc57e8be..eb1f1ad34 100644
--- a//tnb/latest/ug/security_iam_id-based-policy-examples.md
+++ b//tnb/latest/ug/security_iam_id-based-policy-examples.md
@@ -246 +246,8 @@ The following code shows an AWS TNB service role policy:
-                    "cloudformation:UpdateTerminationProtection"
+                    "cloudformation:UpdateTerminationProtection",
+                    "ssm:PutParameter",
+                    "ssm:GetParameters",
+                    "ssm:GetParameter",
+                    "ssm:DeleteParameter",
+                    "ssm:AddTagsToResource",
+                    "ssm:ListTagsForResource",
+                    "ssm:RemoveTagsFromResource"
@@ -256 +263,2 @@ The following code shows an AWS TNB service role policy:
-                    "arn:aws:cloudformation:*:*:stack/tnb*"
+                    "arn:aws:cloudformation:*:*:stack/tnb*",
+                    "arn:aws:ssm:*:*:parameter/tnb/*"