AWS Security ChangesHomeSearch

AWS security-ir medium security documentation change

Service: security-ir · 2025-05-10 · Security-related medium

File: security-ir/latest/userguide/aws-managed-policies.md

Summary

Added permissions to AWSSecurityIncidentResponseTriageServiceRolePolicy including security-ir and GuardDuty actions to support service entitlements and GuardDuty Auto-Archival management

Security assessment

The change adds IAM permissions related to security incident response and GuardDuty administration, specifically mentioning security implications for delegated account management. The guardduty:GetAdministratorAccount permission directly relates to security controls for cross-account management.

Diff

diff --git a/security-ir/latest/userguide/aws-managed-policies.md b/security-ir/latest/userguide/aws-managed-policies.md
index b80422daf..4c1f109e7 100644
--- a//security-ir/latest/userguide/aws-managed-policies.md
+++ b//security-ir/latest/userguide/aws-managed-policies.md
@@ -148,0 +149 @@ Change | Description | Date
+Updates to SLR adding permissions to support service entitlements. |  AWSSecurityIncidentResponseTriageServiceRolePolicy has been updated to add security-ir:GetMembership, security-ir:ListMemberships, security-ir:UpdateCase, guardduty:ListFilters, guarduty:UpdateFilter, guardduty:DeleteFilter, and guardduty:GetAdministratorAccount permissions. guardduty:GetAdministratorAccount was added to facilitate management of GuardDuty Auto-Archival filters in delegated accounts. | March 11, 2025