AWS guardduty documentation change
Summary
Removed '(recommended)' qualifier from references to AmazonGuardDutyFullAccess_v2 policy in multiple sections
Security assessment
Change removes a recommendation label but does not alter security guidance. No evidence of addressing vulnerabilities or security incidents.
Diff
diff --git a/guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md b/guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md index 8a26a58fe..4d3fce554 100644 --- a//guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md +++ b//guardduty/latest/ug/troubleshooting-guardduty-malware-protection-issues.md @@ -19 +19 @@ For information about providing permissions to the management account, see [Esta -If you receive an error suggesting that you do not have the required permissions to start an On-demand malware scan on an Amazon EC2 instance, verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) policy to your IAM role. +If you receive an error suggesting that you do not have the required permissions to start an On-demand malware scan on an Amazon EC2 instance, verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess_v2](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) policy to your IAM role. @@ -25 +25 @@ If you're a member of an AWS organization and still receive the same error, conn -If you receive this error – `Unable to get role: AWSServiceRoleForAmazonGuardDutyMalwareProtection`, it means that you're missing the permission to either enable GuardDuty-initiated malware scan or use On-demand malware scan. Verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) policy to your IAM role. +If you receive this error – `Unable to get role: AWSServiceRoleForAmazonGuardDutyMalwareProtection`, it means that you're missing the permission to either enable GuardDuty-initiated malware scan or use On-demand malware scan. Verify that you've attached the [AWS managed policy: AmazonGuardDutyFullAccess_v2](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) policy to your IAM role. @@ -31 +31 @@ If you receive this error – `Unable to get role: AWSServiceRoleForAmazonGuardD - * Attach the [AWS managed policy: AmazonGuardDutyFullAccess_v2 (recommended)](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) to your IAM role. This will help you enable GuardDuty-initiated malware scan for the member accounts. + * Attach the [AWS managed policy: AmazonGuardDutyFullAccess_v2](./security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess-v2) to your IAM role. This will help you enable GuardDuty-initiated malware scan for the member accounts.