AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2025-08-19 · Documentation medium

File: guardduty/latest/ug/slr-permissions.md

Summary

Removed multiple IAM policy examples for GuardDuty service-linked roles including malware protection permissions

Security assessment

This removes redundant IAM policy documentation but does not directly address security vulnerabilities. The deletion of security configuration examples could lead to misconfigurations if users rely on outdated documentation, but there's no evidence of an active security issue being patched.

Diff

diff --git a/guardduty/latest/ug/slr-permissions.md b/guardduty/latest/ug/slr-permissions.md
index cb6d5183b..f181cb637 100644
--- a//guardduty/latest/ug/slr-permissions.md
+++ b//guardduty/latest/ug/slr-permissions.md
@@ -302,146 +301,0 @@ JSON
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "ec2:DescribeInstances",
-                    "ec2:DescribeImages",
-                    "ec2:DescribeVpcEndpoints",
-                    "ec2:DescribeSubnets",
-                    "ec2:DescribeVpcPeeringConnections",
-                    "ec2:DescribeTransitGatewayAttachments",
-                    "organizations:ListAccounts",
-                    "organizations:DescribeAccount",
-                    "s3:GetBucketPublicAccessBlock",
-                    "s3:GetEncryptionConfiguration",
-                    "s3:GetBucketTagging",
-                    "s3:GetAccountPublicAccessBlock",
-                    "s3:ListAllMyBuckets",
-                    "s3:GetBucketAcl",
-                    "s3:GetBucketPolicy",
-                    "s3:GetBucketPolicyStatus",
-                    "lambda:GetFunctionConfiguration",
-                    "lambda:ListTags"
-                ],
-                "Resource": "*"
-            },
-            {
-                "Effect": "Allow",
-                "Action": "iam:CreateServiceLinkedRole",
-                "Resource": "*",
-                "Condition": {
-                    "StringEquals": {
-                        "iam:AWSServiceName": "malware-protection.guardduty.amazonaws.com"
-                    }
-                }
-            }
-        ]
-    }
-    
-
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "ec2:DescribeInstances",
-                    "ec2:DescribeImages",
-                    "ec2:DescribeVpcEndpoints",
-                    "ec2:DescribeSubnets",
-                    "ec2:DescribeVpcPeeringConnections",
-                    "ec2:DescribeTransitGatewayAttachments",
-                    "organizations:ListAccounts",
-                    "organizations:DescribeAccount",
-                    "s3:GetBucketPublicAccessBlock",
-                    "s3:GetEncryptionConfiguration",
-                    "s3:GetBucketTagging",
-                    "s3:GetAccountPublicAccessBlock",
-                    "s3:ListAllMyBuckets",
-                    "s3:GetBucketAcl",
-                    "s3:GetBucketPolicy",
-                    "s3:GetBucketPolicyStatus",
-                    "lambda:GetFunctionConfiguration",
-                    "lambda:ListTags"
-                ],
-                "Resource": "*"
-            },
-            {
-                "Effect": "Allow",
-                "Action": "iam:CreateServiceLinkedRole",
-                "Resource": "*",
-                "Condition": {
-                    "StringEquals": {
-                        "iam:AWSServiceName": "malware-protection.guardduty.amazonaws.com"
-                    }
-                }
-            }
-        ]
-    }
-    
-
-JSON
-    
-
-****
-    
-    
-    
-    {
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Sid": "GuardDutyGetDescribeListPolicy",  
-          "Effect": "Allow",
-          "Action": [
-            "ec2:DescribeInstances",
-            "ec2:DescribeImages",
-            "ec2:DescribeVpcEndpoints",
-            "ec2:DescribeSubnets",
-            "ec2:DescribeVpcPeeringConnections",
-            "ec2:DescribeTransitGatewayAttachments",
-            "organizations:ListAccounts",
-            "organizations:DescribeAccount",
-            "s3:GetBucketPublicAccessBlock",
-            "s3:GetEncryptionConfiguration",
-            "s3:GetBucketTagging",
-            "s3:GetAccountPublicAccessBlock",
-            "s3:ListAllMyBuckets",
-            "s3:GetBucketAcl",
-            "s3:GetBucketPolicy",
-            "s3:GetBucketPolicyStatus",
-            "lambda:GetFunctionConfiguration",
-            "lambda:ListTags"
-          ],
-            "Resource": "*"
-        },
-        {
-          "Sid": "GuardDutyCreateSLRPolicy",
-          "Effect": "Allow",
-          "Action": "iam:CreateServiceLinkedRole",
-          "Resource": "*",
-          "Condition": {
-            "StringEquals": {
-              "iam:AWSServiceName": "malware-protection.guardduty.amazonaws.com"
-            }
-          }
-        }
-      ]
-    }
-    
-