AWS resource-explorer documentation change
Summary
Expanded AWSResourceExplorerServiceRolePolicy permissions to include list/view actions for 50+ new resource types and services
Security assessment
The change documents expanded IAM policy permissions for a service-linked role, which is security-related documentation but does not indicate remediation of a vulnerability. While IAM policy changes can impact security posture, there's no evidence this addresses an existing exploit or weakness - it appears to be routine service capability expansion.
Diff
diff --git a/resource-explorer/latest/userguide/security_iam_awsmanpol.md b/resource-explorer/latest/userguide/security_iam_awsmanpol.md index 6a210d0c0..f754a5627 100644 --- a//resource-explorer/latest/userguide/security_iam_awsmanpol.md +++ b//resource-explorer/latest/userguide/security_iam_awsmanpol.md @@ -189,0 +190,45 @@ AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view addit +| May 7, 2025 +AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view additional resource types | Resource Explorer added permissions to the service-linked role policy AWSResourceExplorerServiceRolePolicy that allows Resource Explorer to view additional resource types: + + * `cloud9:environment` + * `cloudtrail:eventdatastore` + * `connect:instance/rule` + * `connect:instance/task-template` + * `connect:phone-number` + * `datapipeline:pipeline` + * `dax:cache` + * `devicefarm:project` + * `devicefarm:testgrid-project` + * `ds:directory` + * `ec2:ipam-resource-discovery` + * `ec2:ipam-resource-discovery-association` + * `elasticloadbalancing:listener-rule/net` + * `events:connection` + * `forecast:dataset-import-job` + * `forecast:forecast` + * `forecast:forecast-export-job` + * `forecast:predictor` + * `forecast:predictor-backtest-export-job` + * `geo:map` + * `grafana:workspaces` + * `groundstation:dataflow-endpoint-group` + * `iot:ruledestination` + * `iotfleetwise:vehicle` + * `ivschat:logging-configuration` + * `ivschat:room` + * `lookoutmetrics:AnomalyDetector` + * `m2:env` + * `outposts:site` + * `quicksight:theme` + * `route53-recovery-control:cluster` + * `route53-recovery-control:controlpanel/safetyrule` + * `route53-recovery-readiness:readiness-check` + * `route53resolver:firewall-rule-group-association` + * `rum:appmonitor` + * `sagemaker:app-image-config` + * `servicediscovery:service` + * `synthetics:group` + * `transfer:agreement` + * `transfer:profile` + * `workspaces:connectionalias` + @@ -190,0 +236,55 @@ AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view addit +AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view additional resource types | Resource Explorer added permissions to the service-linked role policy AWSResourceExplorerServiceRolePolicy that allows Resource Explorer to view additional resource types: + + * `cloud9:listenvironments` + * `cloudtrail:listeventdatastores` + * `codeconnections:listconnections` + * `connect:listphonenumbersv2` + * `connect:listrules` + * `connect:listtasktemplates` + * `datapipeline:listpipelines` + * `dax:describeclusters` + * `devicefarm:listprojects` + * `devicefarm:listtestgridprojects` + * `ec2:describeipamresourcediscoveries` + * `ec2:describeipamresourcediscoveryassociations` + * `events:listapidestinations` + * `events:listconnections` + * `forecast:listdatasetimportjobs` + * `forecast:listforecastexportjobs` + * `forecast:listforecasts` + * `forecast:listpredictorbacktestexportjobs` + * `forecast:listpredictors` + * `geo:listmaps` + * `grafana:listworkspaces` + * `groundstation:listdatafllowendpointgroups` + * `iotfleetwise:listvehicles` + * `iottwinmaker:listsyncjobs` + * `ivschat:listloggingconfigurations` + * `ivschat:listrooms` + * `kms:listaliases` + * `license-manager:listdistributedgrants` + * `lightsail:getcontainerservices` + * `lightsail:getdisks` + * `lookoutmetrics:listanomalydetectors` + * `m2:listenvironments` + * `macie2:listallowlists` + * `organizations:listorganizationalunitsforparent` + * `organizations:listroots` + * `outposts:listsites` + * `quicksight:listthemes` + * `route53-recovery-control-config:listclusters` + * `route53-recovery-control-config:listcontrolpanels` + * `route53-recovery-control-config:listsafetyrules` + * `route53-recovery-readiness:listreadinesschecks` + * `route53resolver:listfirewallrulegroupassociations` + * `rum:listappmonitors` + * `s3:listmultiregionaccesspoints` + * `sagemaker:listappimageconfigs` + * `servicediscovery:listservices` + * `synthetics:listgroups` + * `timestream:listscheduledqueries` + * `transfer:listagreements` + * `transfer:listservers` + * `workspaces:describeconnectionaliases` + +| March 28, 2025