AWS Security ChangesHomeSearch

AWS connect documentation change

Service: connect · 2025-06-22 · Documentation low

File: connect/latest/adminguide/tag-based-access-control.md

Summary

Increased maximum allowed security profiles with access control tags from 2 to 3

Security assessment

This change increases a configuration limit but does not address a specific security vulnerability. While tag-based access controls are security-related, the adjustment to the number of allowed profiles is a feature update rather than a security fix.

Diff

diff --git a/connect/latest/adminguide/tag-based-access-control.md b/connect/latest/adminguide/tag-based-access-control.md
index 6b77e6514..c6713953e 100644
--- a//connect/latest/adminguide/tag-based-access-control.md
+++ b//connect/latest/adminguide/tag-based-access-control.md
@@ -29 +29 @@ Access control tags are configured on a security profile. You can configure up t
-Users can be assigned a maximum of two security profiles that contain access control tags. When multiple security profiles containing access control tags are assigned to a single user, the tag-based access controls become less restrictive. For example, if a user had one security profile with an access control tag like `Country:USA`, and another security profile with an access control tag like `Country:Argentina`, a user would be able to see resources tagged with `Country:USA` or `Country:Argentina`. A user can have other security profiles, as long as those additional security profiles do not contain tags. If multiple security profiles are present with overlapping resource permissions, the security profile without tag-based access controls will be enforced over the one with tag-based access controls.
+Users can be assigned a maximum of three security profiles that contain access control tags. When multiple security profiles containing access control tags are assigned to a single user, the tag-based access controls become less restrictive. For example, if a user had one security profile with an access control tag like `Country:USA`, and another security profile with an access control tag like `Country:Argentina`, a user would be able to see resources tagged with `Country:USA` or `Country:Argentina`. A user can have other security profiles, as long as those additional security profiles do not contain tags. If multiple security profiles are present with overlapping resource permissions, the security profile without tag-based access controls will be enforced over the one with tag-based access controls.