AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2025-08-28 · Documentation low

File: guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md

Summary

Removed '(recommended)' qualifier from references to AmazonGuardDutyFullAccess_v2 policy in multiple sections

Security assessment

Change removes a recommendation label but does not alter security guidance. No evidence of addressing vulnerabilities or security incidents.

Diff

diff --git a/guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md b/guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md
index 8a26a58fe..4d3fce554 100644
--- a//guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md
+++ b//guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md
@@ -19 +19 @@ For information about providing permissions to the management account, see [Esta
-If you receive an error suggesting that you do not have the required permissions to start an On-demand malware scan on an Amazon EC2 instance, verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) policy to your IAM role.
+If you receive an error suggesting that you do not have the required permissions to start an On-demand malware scan on an Amazon EC2 instance, verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess_v2](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) policy to your IAM role.
@@ -25 +25 @@ If you're a member of an AWS organization and still receive the same error, conn
-If you receive this error – `Unable to get role: AWSServiceRoleForAmazonGuardDutyMalwareProtection`, it means that you're missing the permission to either enable GuardDuty-initiated malware scan or use On-demand malware scan. Verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) policy to your IAM role.
+If you receive this error – `Unable to get role: AWSServiceRoleForAmazonGuardDutyMalwareProtection`, it means that you're missing the permission to either enable GuardDuty-initiated malware scan or use On-demand malware scan. Verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess_v2](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) policy to your IAM role.
@@ -31 +31 @@ If you receive this error – `Unable to get role: AWSServiceRoleForAmazonGuardD
-  * Attach the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) to your IAM role. This will help you enable GuardDuty-initiated malware scan for the member accounts.
+  * Attach the [AWS managed policy: AmazonGuardDutyFullAccess_v2](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) to your IAM role. This will help you enable GuardDuty-initiated malware scan for the member accounts.