AWS Security ChangesHomeSearch

AWS systems-manager medium security documentation change

Service: systems-manager · 2025-07-16 · Security-related medium

File: systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-manual-policies.md

Summary

Changed 'IAM users' to 'IAM roles' in the list of valid access request approvers

Security assessment

Correcting the allowed approver type from IAM users to IAM roles prevents misconfigurations that could lead to unauthorized access approvals. This directly impacts access control security.

Diff

diff --git a/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-manual-policies.md b/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-manual-policies.md
index a57ae774e..fd53f500b 100644
--- a//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-manual-policies.md
+++ b//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-create-manual-policies.md
@@ -21 +21 @@ The following procedure describes how to create manual approval policies. System
-  6. In the **Access request approvers** section, enter the users or groups you want to be able to approve access requests to the node targets in the policy. Access request approvers can be IAM Identity Center users and groups or IAM users. You can specify up to 5 approvers per level, and up to 5 levels of approvers.
+  6. In the **Access request approvers** section, enter the users or groups you want to be able to approve access requests to the node targets in the policy. Access request approvers can be IAM Identity Center users and groups or IAM roles. You can specify up to 5 approvers per level, and up to 5 levels of approvers.