AWS appstream2 documentation change
Summary
Added clarification about service role permissions differing from initial user permissions and cross-referenced policy documentation
Security assessment
The change emphasizes proper IAM role configuration by clarifying differences between service roles and user permissions. This helps prevent misconfiguration risks but does not address a specific active security vulnerability.
Diff
diff --git a/appstream2/latest/developerguide/roles-required-for-appstream.md b/appstream2/latest/developerguide/roles-required-for-appstream.md index 4f25b31d5..337f30990 100644 --- a//appstream2/latest/developerguide/roles-required-for-appstream.md +++ b//appstream2/latest/developerguide/roles-required-for-appstream.md @@ -30 +30,5 @@ While AppStream 2.0 resources are being created, the AppStream 2.0 service makes -For more information, see [Checking for the AmazonAppStreamServiceAccess Service Role and Policies](./controlling-access-checking-for-iam-service-access.html). +For more information, see [Checking for the AmazonAppStreamServiceAccess Service Role and Policies](./controlling-access-checking-for-iam-service-access.html) to check whether the **AmazonAppStreamServiceAccess** service role is present and has the correct policies attached. + +###### Note + +This service role can have permissions that are different from the first user that is getting started with AppStream 2.0. For details on the permissions of this role see “AmazonAppStreamServiceAccess” in [AWS Managed Policies Required to Access AppStream 2.0 Resources](./managed-policies-required-to-access-appstream-resources.html).