AWS Security ChangesHomeSearch

AWS ssm-sap documentation change

Service: ssm-sap · 2025-07-10 · Documentation medium

File: ssm-sap/latest/userguide/iam-policies.md

Summary

Added Cost Explorer permissions (ce:*) to service-linked role policy

Security assessment

Expands IAM policy permissions for cost management tracking. While IAM changes can have security implications, these additions focus on cost allocation tagging rather than direct security controls.

Diff

diff --git a/ssm-sap/latest/userguide/iam-policies.md b/ssm-sap/latest/userguide/iam-policies.md
index 65524bcd2..924fe8514 100644
--- a//ssm-sap/latest/userguide/iam-policies.md
+++ b//ssm-sap/latest/userguide/iam-policies.md
@@ -114,0 +115,8 @@ Change | Description | Date
+[AWSSSMForSAPServiceLinkedRolePolicy](https://docs.aws.amazon.com/ssm-sap/latest/userguide/slr.html#slr-permissions) – Updated policy |  The following permissions have been added to the policy:
+
+  * `ce:ListCostAllocationTags`
+  * `ce:UpdateCostAllocationTagsStatus`
+  * `ce:ListCostAllocationTagBackfillHistory`
+  * `ce:StartCostAllocationTagBackfill`
+
+| July 08, 2025