AWS Security ChangesHomeSearch

AWS guardduty high security documentation change

Service: guardduty · 2025-06-07 · Security-related high

File: guardduty/latest/ug/enable-malware-protection-s3-bucket.md

Summary

Updated IAM policy reference from AmazonGuardDutyFullAccess to AmazonGuardDutyFullAccess_v2

Security assessment

The change promotes a more secure IAM policy (v2) that restricts administrative actions, directly addressing security best practices for permissions.

Diff

diff --git a/guardduty/latest/ug/enable-malware-protection-s3-bucket.md b/guardduty/latest/ug/enable-malware-protection-s3-bucket.md
index 30b808120..cda482b70 100644
--- a//guardduty/latest/ug/enable-malware-protection-s3-bucket.md
+++ b//guardduty/latest/ug/enable-malware-protection-s3-bucket.md
@@ -30 +30 @@ If you expect high volumes of `GET` and `PUT` requests to your S3 buckets, consi
-When you enable Malware Protection for S3 for an Amazon S3 bucket, GuardDuty creates a Malware Protection plan resource that acts as an identifier for the bucket's protection plan. If you are not already using the [AWS managed policy: AmazonGuardDutyFullAccess](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess), then you must add the following permissions to create this resource: 
+When you enable Malware Protection for S3 for an Amazon S3 bucket, GuardDuty creates a Malware Protection plan resource that acts as an identifier for the bucket's protection plan. If you are not already using the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2), then you must add the following permissions to create this resource: