AWS imagebuilder documentation change
Summary
Added requirement for AmazonSSMManagedInstanceCore policy in instance profile role documentation
Security assessment
The change enhances security documentation by specifying an additional required managed policy (AmazonSSMManagedInstanceCore) for secure instance management, though it does not address a specific vulnerability.
Diff
diff --git a/imagebuilder/latest/userguide/import-iso-disk.md b/imagebuilder/latest/userguide/import-iso-disk.md index 6d900ad3a..cbe0438fa 100644 --- a//imagebuilder/latest/userguide/import-iso-disk.md +++ b//imagebuilder/latest/userguide/import-iso-disk.md @@ -71 +71,7 @@ This role grants permission for Image Builder to call AWS services on your behal -This role grants permission for the actions that the service performs on the EC2 instance. You can specify an instance profile role in your infrastructure configuration resource. You can attach the [EC2InstanceProfileForImageBuilder](./security-iam-awsmanpol.html#sec-iam-manpol-EC2InstanceProfileForImageBuilder) managed policy to your instance profile role. This policy has the permissions needed for the import process. For more information, see [Manage Image Builder infrastructure configuration](./manage-infra-config.html). +This role grants permission for the actions that the service performs on the EC2 instance. You can specify an instance profile role in your infrastructure configuration resource. Attach the following managed policies to your instance profile role to ensure that you have all of the permissions needed for the import process. + + * [EC2InstanceProfileForImageBuilder](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/EC2InstanceProfileForImageBuilder.html) + + * [AmazonSSMManagedInstanceCore](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonSSMManagedInstanceCore.html) + +For more information, see [Manage Image Builder infrastructure configuration](./manage-infra-config.html).