AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-05-22 · Documentation medium

File: waf/latest/developerguide/fms-security-iam-awsmanpol.md

Summary

Added CloudFront web ACL association/disassociation permissions to Firewall Manager service role policy.

Security assessment

Documents expanded IAM permissions for security feature integration (WAF + CloudFront). Enhances security documentation but does not resolve a specific vulnerability.

Diff

diff --git a/waf/latest/developerguide/fms-security-iam-awsmanpol.md b/waf/latest/developerguide/fms-security-iam-awsmanpol.md
index 964478b6e..ba6a73d23 100644
--- a//waf/latest/developerguide/fms-security-iam-awsmanpol.md
+++ b//waf/latest/developerguide/fms-security-iam-awsmanpol.md
@@ -115,0 +116,6 @@ Change | Description | Date
+FMSServiceRolePolicy – Updated policy | Added permissions to the Firewall Manager service policy. Added the following permissions required for Amazon CloudFront: 
+
+  * `cloudfront:AssociateDistributionWebACL` – Grants permission to associate an AWS WAF web ACL with a CloudFront distribution
+  * `cloudfront:DisassociateDistributionWebACL` – Grants permission to disassociate an AWS WAF web ACL with a CloudFront distribution
+
+| 2025-05-21