AWS Security ChangesHomeSearch

AWS systems-manager high security documentation change

Service: systems-manager · 2025-06-19 · Security-related high

File: systems-manager/latest/userguide/systems-manager-inventory-query.md

Summary

Updated IAM policy resource ARNs from wildcard (*) to specific role ARNs for PassRole permissions

Security assessment

Restricting IAM permissions to specific resources follows the principle of least privilege, reducing potential over-permission risks. This change explicitly limits which roles can be passed, addressing a security best practice.

Diff

diff --git a/systems-manager/latest/userguide/systems-manager-inventory-query.md b/systems-manager/latest/userguide/systems-manager-inventory-query.md
index fcc735804..e70b9959d 100644
--- a//systems-manager/latest/userguide/systems-manager-inventory-query.md
+++ b//systems-manager/latest/userguide/systems-manager-inventory-query.md
@@ -66 +66,4 @@ The following `PassRole` and additional required permissions block
-                "Resource": "*",
+                "Resource": [
+                    "arn:aws:iam::123456789012:role/SSMInventoryGlueRole",
+                    "arn:aws:iam::123456789012:role/SSMInventoryServiceRole"
+                ],