AWS Security ChangesHomeSearch

AWS rolesanywhere documentation change

Service: rolesanywhere · 2025-06-28 · Documentation low

File: rolesanywhere/latest/userguide/using-service-linked-roles.md

Summary

Added JSON policy example for CloudWatch metric permissions with namespace conditions

Security assessment

Added documentation about required permissions for service-linked roles, including conditional access for CloudWatch metrics. This enhances security documentation but does not indicate a specific security issue being addressed.

Diff

diff --git a/rolesanywhere/latest/userguide/using-service-linked-roles.md b/rolesanywhere/latest/userguide/using-service-linked-roles.md
index b30f52174..abcf76fa6 100644
--- a//rolesanywhere/latest/userguide/using-service-linked-roles.md
+++ b//rolesanywhere/latest/userguide/using-service-linked-roles.md
@@ -42,0 +43,6 @@ The role permissions policy named AWSRolesAnywhereServicePolicy allows IAM Roles
+JSON
+    
+
+****
+    
+    
@@ -73,0 +80,31 @@ The role permissions policy named AWSRolesAnywhereServicePolicy allows IAM Roles
+
+JSON
+    
+
+****
+    
+    
+    
+      {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Effect": "Allow",
+            "Action": [
+              "cloudwatch:PutMetricData"
+            ],
+            "Resource": "*",
+            "Condition": {
+              "StringEquals": {
+                "cloudwatch:namespace": [
+                  "AWS/RolesAnywhere",
+                  "AWS/Usage"
+                ]
+              }
+            }
+          }
+        ]
+      }
+        
+    
+