AWS m2 medium security documentation change
Summary
Expanded IAM permissions required for CreateDeployment action to include ELB deletion and CloudWatch Logs management
Security assessment
Adds documentation for destructive permissions (DeleteListener, DeleteLoadBalancer) and log delivery controls that could prevent resource leakage and ensure audit capabilities. Missing these permissions could lead to security misconfigurations.
Diff
diff --git a/m2/latest/userguide/UsingWithM2_IAM_ResourcePermissions.md b/m2/latest/userguide/UsingWithM2_IAM_ResourcePermissions.md index def9234b7..487a832fa 100644 --- a//m2/latest/userguide/UsingWithM2_IAM_ResourcePermissions.md +++ b//m2/latest/userguide/UsingWithM2_IAM_ResourcePermissions.md @@ -32 +32 @@ AWS Mainframe Modernization API and required permissions for actions AWS Mainfr -[CreateDeployment](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDeployment.html) | `elasticloadbalancing:AddTags` `elasticloadbalancing:CreateListener` `elasticloadbalancing:CreateTargetGroup` `elasticloadbalancing:RegisterTargets` | Application +[CreateDeployment](https://docs.aws.amazon.com/m2/latest/APIReference/API_CreateDeployment.html) | `elasticloadbalancing:AddTags` `elasticloadbalancing:CreateListener` `elasticloadbalancing:CreateTargetGroup` `elasticloadbalancing:RegisterTargets` `elasticloadbalancing:DeleteListener` `elasticloadbalancing:DeleteTargetGroup` `elasticloadbalancing:DeregisterTargets` `elasticloadbalancing:DeleteLoadBalancer` `logs:CreateLogDelivery` `logs:GetLogDelivery` `logs:UpdateLogDelivery` `logs:DeleteLogDelivery` `logs:ListLogDeliveries` `logs:PutResourcePolicy` `logs:DescribeResourcePolicies` `logs:DescribeLogGroups` | Application