AWS Security ChangesHomeSearch

AWS systems-manager documentation change

Service: systems-manager · 2025-05-10 · Documentation medium

File: systems-manager/latest/userguide/security-iam-awsmanpol.md

Summary

Added tagging permissions for IAM roles and Lambda in managed policies

Security assessment

Documents new permissions for resource tagging which supports security best practices, but doesn't indicate resolution of a specific vulnerability. Tagging improvements support access control but aren't directly security fixes.

Diff

diff --git a/systems-manager/latest/userguide/security-iam-awsmanpol.md b/systems-manager/latest/userguide/security-iam-awsmanpol.md
index a33fb59d6..73a1d8114 100644
--- a//systems-manager/latest/userguide/security-iam-awsmanpol.md
+++ b//systems-manager/latest/userguide/security-iam-awsmanpol.md
@@ -780 +780 @@ This policy includes the following permissions.
-  * `iam` – Allows principals to pass roles permissions for the Systems Manager service and Lambda service; and to pass role permissions for diagnosis operations.
+  * `iam` – Allows principals to tag roles and pass roles permissions for the Systems Manager service and Lambda service, and to pass role permissions for diagnosis operations.
@@ -782 +782 @@ This policy includes the following permissions.
-  * `lambda` – Allows principals to manage functions for the Quick Setup lifecycle in the principal account using AWS CloudFormation templates.
+  * `lambda` – Allows principals to tag and manage functions for the Quick Setup lifecycle in the principal account using AWS CloudFormation templates.
@@ -1182,0 +1183 @@ AWS-SSM-RemediationAutomation-ExecutionRolePolicy – New policy | Systems Manag
+AWSQuickSetupSSMDeploymentRolePolicy – Update to an policy |  Systems Manager added permissions to allow Systems Manager to tag IAM roles and Lambda created for the unified console. | May 7th, 2025