AWS Security ChangesHomeSearch

AWS efs high security documentation change

Service: efs · 2025-07-04 · Security-related high

File: efs/latest/ug/cross-account-replication.md

Summary

Updated cross-account replication documentation to require IAM roles instead of service-linked roles

Security assessment

Addresses potential confused deputy risks by requiring explicit IAM roles rather than service-linked roles, which improves security controls

Diff

diff --git a/efs/latest/ug/cross-account-replication.md b/efs/latest/ug/cross-account-replication.md
index e8a925a6d..14009c1d0 100644
--- a//efs/latest/ug/cross-account-replication.md
+++ b//efs/latest/ug/cross-account-replication.md
@@ -13 +13 @@ For example, you might be required by compliance policies to use different accou
-Replicating across AWS accounts requires additional security and policy setup. You must create an IAM role on the source account that gives Amazon EFS permission to perform replication in the destination account. You also need to create policies on the file systems that you want to share across accounts. After the IAM role and file system policies are created, you create the replication configuration.
+Replicating across AWS accounts requires additional security and policy setup. Instead of using service-linked roles to perform cross-account replication, you must create an IAM role that gives Amazon EFS permission to perform replication in the destination account. You also need to create policies on the file systems that you want to share across accounts. After the IAM role and file system policies are created, you create the replication configuration.