AWS Security ChangesHomeSearch

AWS systems-manager high security documentation change

Service: systems-manager · 2025-06-19 · Security-related high

File: systems-manager/latest/userguide/monitoring-sns-notifications.md

Summary

Added IAM condition requiring service principal validation

Security assessment

Adds security control to prevent confused deputy issues by enforcing iam:PassedToService condition

Diff

diff --git a/systems-manager/latest/userguide/monitoring-sns-notifications.md b/systems-manager/latest/userguide/monitoring-sns-notifications.md
index 0752be0cc..ec6f0f451 100644
--- a//systems-manager/latest/userguide/monitoring-sns-notifications.md
+++ b//systems-manager/latest/userguide/monitoring-sns-notifications.md
@@ -261 +261,6 @@ For entities without administrator permissions, an administrator must grant the
-                "Resource": "arn:aws:iam::account-id:role/sns-role-name"
+                "Resource": "arn:aws:iam::account-id:role/sns-role-name",
+                "Condition": {
+                    "StringEquals": {
+                        "iam:PassedToService": "sns.amazonaws.com"
+                    }
+                }