AWS Security ChangesHomeSearch

AWS appstream2 documentation change

Service: appstream2 · 2025-05-19 · Documentation low

File: appstream2/latest/developerguide/roles-required-for-appstream.md

Summary

Added clarification about service role permissions differing from initial user permissions and cross-referenced policy documentation

Security assessment

The change emphasizes proper IAM role configuration by clarifying differences between service roles and user permissions. This helps prevent misconfiguration risks but does not address a specific active security vulnerability.

Diff

diff --git a/appstream2/latest/developerguide/roles-required-for-appstream.md b/appstream2/latest/developerguide/roles-required-for-appstream.md
index 4f25b31d5..337f30990 100644
--- a//appstream2/latest/developerguide/roles-required-for-appstream.md
+++ b//appstream2/latest/developerguide/roles-required-for-appstream.md
@@ -30 +30,5 @@ While AppStream 2.0 resources are being created, the AppStream 2.0 service makes
-For more information, see [Checking for the AmazonAppStreamServiceAccess Service Role and Policies](./controlling-access-checking-for-iam-service-access.html).
+For more information, see [Checking for the AmazonAppStreamServiceAccess Service Role and Policies](./controlling-access-checking-for-iam-service-access.html) to check whether the **AmazonAppStreamServiceAccess** service role is present and has the correct policies attached. 
+
+###### Note
+
+This service role can have permissions that are different from the first user that is getting started with AppStream 2.0. For details on the permissions of this role see “AmazonAppStreamServiceAccess” in [AWS Managed Policies Required to Access AppStream 2.0 Resources](./managed-policies-required-to-access-appstream-resources.html).