AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2025-06-07 · Documentation low

File: guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md

Summary

Updated troubleshooting steps to reference AmazonGuardDutyFullAccess_v2 policy

Security assessment

The changes update existing troubleshooting documentation to reference the new policy version but do not introduce new security information or address specific vulnerabilities. This maintains consistency with other documentation updates.

Diff

diff --git a/guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md b/guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md
index 3a648a27f..8a26a58fe 100644
--- a//guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md
+++ b//guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md
@@ -19 +19 @@ For information about providing permissions to the management account, see [Esta
-If you receive an error suggesting that you do not have the required permissions to start an On-demand malware scan on an Amazon EC2 instance, verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess) policy to your IAM role.
+If you receive an error suggesting that you do not have the required permissions to start an On-demand malware scan on an Amazon EC2 instance, verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) policy to your IAM role.
@@ -25 +25 @@ If you're a member of an AWS organization and still receive the same error, conn
-If you receive this error – `Unable to get role: AWSServiceRoleForAmazonGuardDutyMalwareProtection`, it means that you're missing the permission to either enable GuardDuty-initiated malware scan or use On-demand malware scan. Verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess) policy to your IAM role.
+If you receive this error – `Unable to get role: AWSServiceRoleForAmazonGuardDutyMalwareProtection`, it means that you're missing the permission to either enable GuardDuty-initiated malware scan or use On-demand malware scan. Verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) policy to your IAM role.
@@ -31 +31 @@ If you receive this error – `Unable to get role: AWSServiceRoleForAmazonGuardD
-  * Attach the [AWS managed policy: AmazonGuardDutyFullAccess](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess) to your IAM role. This will help you enable GuardDuty-initiated malware scan for the member accounts.
+  * Attach the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) to your IAM role. This will help you enable GuardDuty-initiated malware scan for the member accounts.