AWS Security ChangesHomeSearch

AWS elasticbeanstalk high security documentation change

Service: elasticbeanstalk · 2025-08-22 · Security-related high

File: elasticbeanstalk/latest/dg/AWSHowTo.iam.example.resource.md

Summary

Modified IAM policy example to restructure iam:PassRole permissions with explicit resource ARN

Security assessment

The change enforces the principle of least privilege by scoping iam:PassRole to a specific role ARN, reducing the risk of privilege escalation via overly broad permissions.

Diff

diff --git a/elasticbeanstalk/latest/dg/AWSHowTo.iam.example.resource.md b/elasticbeanstalk/latest/dg/AWSHowTo.iam.example.resource.md
index e9960490b..28169009e 100644
--- a//elasticbeanstalk/latest/dg/AWSHowTo.iam.example.resource.md
+++ b//elasticbeanstalk/latest/dg/AWSHowTo.iam.example.resource.md
@@ -66 +65,0 @@ JSON
-                "iam:PassRole",
@@ -79,0 +79,7 @@ JSON
+       },
+       {
+       "Effect": "Allow",
+       "Action": [
+       "iam:PassRole"
+       ],
+       "Resource": "arn:aws:iam::111122223333:role/MyRole"