AWS Security ChangesHomeSearch

AWS resource-explorer documentation change

Service: resource-explorer · 2025-05-10 · Documentation low

File: resource-explorer/latest/userguide/security_iam_awsmanpol.md

Summary

Expanded AWSResourceExplorerServiceRolePolicy permissions to include list/view actions for 50+ new resource types and services

Security assessment

The change documents expanded IAM policy permissions for a service-linked role, which is security-related documentation but does not indicate remediation of a vulnerability. While IAM policy changes can impact security posture, there's no evidence this addresses an existing exploit or weakness - it appears to be routine service capability expansion.

Diff

diff --git a/resource-explorer/latest/userguide/security_iam_awsmanpol.md b/resource-explorer/latest/userguide/security_iam_awsmanpol.md
index 6a210d0c0..f754a5627 100644
--- a//resource-explorer/latest/userguide/security_iam_awsmanpol.md
+++ b//resource-explorer/latest/userguide/security_iam_awsmanpol.md
@@ -189,0 +190,45 @@ AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view addit
+| May 7, 2025  
+AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view additional resource types  |  Resource Explorer added permissions to the service-linked role policy AWSResourceExplorerServiceRolePolicy that allows Resource Explorer to view additional resource types:
+
+  * `cloud9:environment`
+  * `cloudtrail:eventdatastore`
+  * `connect:instance/rule`
+  * `connect:instance/task-template`
+  * `connect:phone-number`
+  * `datapipeline:pipeline`
+  * `dax:cache`
+  * `devicefarm:project`
+  * `devicefarm:testgrid-project`
+  * `ds:directory`
+  * `ec2:ipam-resource-discovery`
+  * `ec2:ipam-resource-discovery-association`
+  * `elasticloadbalancing:listener-rule/net`
+  * `events:connection`
+  * `forecast:dataset-import-job`
+  * `forecast:forecast`
+  * `forecast:forecast-export-job`
+  * `forecast:predictor`
+  * `forecast:predictor-backtest-export-job`
+  * `geo:map`
+  * `grafana:workspaces`
+  * `groundstation:dataflow-endpoint-group`
+  * `iot:ruledestination`
+  * `iotfleetwise:vehicle`
+  * `ivschat:logging-configuration`
+  * `ivschat:room`
+  * `lookoutmetrics:AnomalyDetector`
+  * `m2:env`
+  * `outposts:site`
+  * `quicksight:theme`
+  * `route53-recovery-control:cluster`
+  * `route53-recovery-control:controlpanel/safetyrule`
+  * `route53-recovery-readiness:readiness-check`
+  * `route53resolver:firewall-rule-group-association`
+  * `rum:appmonitor`
+  * `sagemaker:app-image-config`
+  * `servicediscovery:service`
+  * `synthetics:group`
+  * `transfer:agreement`
+  * `transfer:profile`
+  * `workspaces:connectionalias`
+
@@ -190,0 +236,55 @@ AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view addit
+AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view additional resource types  |  Resource Explorer added permissions to the service-linked role policy AWSResourceExplorerServiceRolePolicy that allows Resource Explorer to view additional resource types:
+
+  * `cloud9:listenvironments`
+  * `cloudtrail:listeventdatastores`
+  * `codeconnections:listconnections`
+  * `connect:listphonenumbersv2`
+  * `connect:listrules`
+  * `connect:listtasktemplates`
+  * `datapipeline:listpipelines`
+  * `dax:describeclusters`
+  * `devicefarm:listprojects`
+  * `devicefarm:listtestgridprojects`
+  * `ec2:describeipamresourcediscoveries`
+  * `ec2:describeipamresourcediscoveryassociations`
+  * `events:listapidestinations`
+  * `events:listconnections`
+  * `forecast:listdatasetimportjobs`
+  * `forecast:listforecastexportjobs`
+  * `forecast:listforecasts`
+  * `forecast:listpredictorbacktestexportjobs`
+  * `forecast:listpredictors`
+  * `geo:listmaps`
+  * `grafana:listworkspaces`
+  * `groundstation:listdatafllowendpointgroups`
+  * `iotfleetwise:listvehicles`
+  * `iottwinmaker:listsyncjobs`
+  * `ivschat:listloggingconfigurations`
+  * `ivschat:listrooms`
+  * `kms:listaliases`
+  * `license-manager:listdistributedgrants`
+  * `lightsail:getcontainerservices`
+  * `lightsail:getdisks`
+  * `lookoutmetrics:listanomalydetectors`
+  * `m2:listenvironments`
+  * `macie2:listallowlists`
+  * `organizations:listorganizationalunitsforparent`
+  * `organizations:listroots`
+  * `outposts:listsites`
+  * `quicksight:listthemes`
+  * `route53-recovery-control-config:listclusters`
+  * `route53-recovery-control-config:listcontrolpanels`
+  * `route53-recovery-control-config:listsafetyrules`
+  * `route53-recovery-readiness:listreadinesschecks`
+  * `route53resolver:listfirewallrulegroupassociations`
+  * `rum:listappmonitors`
+  * `s3:listmultiregionaccesspoints`
+  * `sagemaker:listappimageconfigs`
+  * `servicediscovery:listservices`
+  * `synthetics:listgroups`
+  * `timestream:listscheduledqueries`
+  * `transfer:listagreements`
+  * `transfer:listservers`
+  * `workspaces:describeconnectionaliases`
+
+| March 28, 2025