AWS ssm-sap documentation change
Summary
Added Cost Explorer permissions (ce:*) to service-linked role policy
Security assessment
Expands IAM policy permissions for cost management tracking. While IAM changes can have security implications, these additions focus on cost allocation tagging rather than direct security controls.
Diff
diff --git a/ssm-sap/latest/userguide/iam-policies.md b/ssm-sap/latest/userguide/iam-policies.md index 65524bcd2..924fe8514 100644 --- a//ssm-sap/latest/userguide/iam-policies.md +++ b//ssm-sap/latest/userguide/iam-policies.md @@ -114,0 +115,8 @@ Change | Description | Date +[AWSSSMForSAPServiceLinkedRolePolicy](https://docs.aws.amazon.com/ssm-sap/latest/userguide/slr.html#slr-permissions) – Updated policy | The following permissions have been added to the policy: + + * `ce:ListCostAllocationTags` + * `ce:UpdateCostAllocationTagsStatus` + * `ce:ListCostAllocationTagBackfillHistory` + * `ce:StartCostAllocationTagBackfill` + +| July 08, 2025