AWS guardduty documentation change
Summary
Updated required IAM policy to AmazonGuardDutyFullAccess_v2 for on-demand malware scans
Security assessment
The change recommends using a newer IAM policy version, which likely enforces improved security practices, but there's no explicit evidence of addressing a specific security issue in the diff.
Diff
diff --git a/guardduty/latest/ug/malware-protection-getting-started-on-demand-scan.md b/guardduty/latest/ug/malware-protection-getting-started-on-demand-scan.md index ecbca1329..88d6c53dc 100644 --- a//guardduty/latest/ug/malware-protection-getting-started-on-demand-scan.md +++ b//guardduty/latest/ug/malware-protection-getting-started-on-demand-scan.md @@ -19 +19 @@ Before you start an On-demand malware scan, your account must meet the following - * Ensure that the [AWS managed policy: AmazonGuardDutyFullAccess](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess) is attached to the IAM user or the IAM role. You will need the access key and secret key associated with the IAM user or the IAM role. + * Ensure that the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) is attached to the IAM user or the IAM role. You will need the access key and secret key associated with the IAM user or the IAM role.