AWS Security ChangesHomeSearch

AWS security-ir documentation change

Service: security-ir · 2025-05-10 · Documentation low

File: security-ir/latest/userguide/select-a-membership-account.md

Summary

Added documentation about manually creating service-linked role in management account when using delegated administrator

Security assessment

The change adds guidance for creating a required security role, which is part of secure service configuration but does not indicate a specific security vulnerability being addressed

Diff

diff --git a/security-ir/latest/userguide/select-a-membership-account.md b/security-ir/latest/userguide/select-a-membership-account.md
index ea70bda92..4ac07c864 100644
--- a//security-ir/latest/userguide/select-a-membership-account.md
+++ b//security-ir/latest/userguide/select-a-membership-account.md
@@ -12,0 +13,21 @@ You have two options for selecting your AWS Security Incident Response membershi
+###### Important
+
+When you use a delegated administrator account as part of setup, AWS Security Incident Response cannot automatically create the required triage service linked role in your AWS Organizations management account. 
+
+You can use the IAM to create this role in your AWS Organizations management account
+
+###### To create a service-linked role (console)
+
+  1. Login to your AWS Organizations management account.
+
+  2. Access the AWS CloudShell window or access the account via CLI in your preferred method.
+
+  3. Use the CLI command `aws iam create-service-linked-role --aws-service-name triage.security-ir.amazonaws.com`
+
+  4. (Optional) To verify the command worked you can execute the command `aws iam get-role --role-name AWSServiceRoleForSecurityIncidentResponse_Triage`
+
+  5. Review the role and then choose **Create role**.
+
+
+
+