AWS Security ChangesHomeSearch

AWS iot-device-defender medium security documentation change

Service: iot-device-defender · 2025-08-28 · Security-related medium

File: iot-device-defender/latest/devguide/dd-mitigation-actions.md

Summary

Removed IAM policy example for ENABLE_IOT_LOGGING mitigation action

Security assessment

Removal of required IAM policy documentation for security logging configuration could lead to misconfigurations. The deleted policy showed necessary permissions (iot:SetV2LoggingOptions and iam:PassRole) for proper security logging setup, and its absence might result in insecure implementations.

Diff

diff --git a/iot-device-defender/latest/devguide/dd-mitigation-actions.md b/iot-device-defender/latest/devguide/dd-mitigation-actions.md
index 1b20d7f23..f4838f525 100644
--- a//iot-device-defender/latest/devguide/dd-mitigation-actions.md
+++ b//iot-device-defender/latest/devguide/dd-mitigation-actions.md
@@ -490,33 +489,0 @@ ENABLE_IOT_LOGGING |
-
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version":"2012-10-17",
-        "Statement":[
-            {
-                "Effect":"Allow",
-                "Action":[
-                    "iot:SetV2LoggingOptions"
-                ],
-                "Resource":[
-                    "*"
-                ]
-            },
-            {
-                "Effect":"Allow",
-                "Action":[
-                    "iam:PassRole"
-                ],
-                "Resource":[
-                    "<IAM role ARN used for setting up logging>"
-                ]
-            }
-        ]
-    }
-      
-