AWS AWSEC2 documentation change
Summary
Added ModifyInstanceConnectEndpoint permission to policy example
Security assessment
Documents required permissions for managing EC2 Instance Connect Endpoints, which is a security-related feature but doesn't address a specific vulnerability
Diff
diff --git a/AWSEC2/latest/UserGuide/permissions-for-ec2-instance-connect-endpoint.md b/AWSEC2/latest/UserGuide/permissions-for-ec2-instance-connect-endpoint.md index b742b71ad..37429c4eb 100644 --- a//AWSEC2/latest/UserGuide/permissions-for-ec2-instance-connect-endpoint.md +++ b//AWSEC2/latest/UserGuide/permissions-for-ec2-instance-connect-endpoint.md @@ -78,0 +79,12 @@ JSON + "arn:aws:ec2:us-east-1:111122223333:network-interface/*", + "arn:aws:ec2:us-east-1:111122223333:instance-connect-endpoint/*" + ] + }, + { + "Sid": "GrantModifyOnAllResources", + "Action": [ + "ec2:ModifyInstanceConnectEndpoint", + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:us-east-1:111122223333:security-group/*",