AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2025-06-07 · Documentation low

File: guardduty/latest/ug/malware-protection-getting-started-on-demand-scan.md

Summary

Updated required IAM policy to AmazonGuardDutyFullAccess_v2 for on-demand malware scans

Security assessment

The change recommends using a newer IAM policy version, which likely enforces improved security practices, but there's no explicit evidence of addressing a specific security issue in the diff.

Diff

diff --git a/guardduty/latest/ug/malware-protection-getting-started-on-demand-scan.md b/guardduty/latest/ug/malware-protection-getting-started-on-demand-scan.md
index ecbca1329..88d6c53dc 100644
--- a//guardduty/latest/ug/malware-protection-getting-started-on-demand-scan.md
+++ b//guardduty/latest/ug/malware-protection-getting-started-on-demand-scan.md
@@ -19 +19 @@ Before you start an On-demand malware scan, your account must meet the following
-  * Ensure that the [AWS managed policy: AmazonGuardDutyFullAccess](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess) is attached to the IAM user or the IAM role. You will need the access key and secret key associated with the IAM user or the IAM role.
+  * Ensure that the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) is attached to the IAM user or the IAM role. You will need the access key and secret key associated with the IAM user or the IAM role.