AWS Security ChangesHomeSearch

AWS compute-optimizer documentation change

Service: compute-optimizer · 2025-09-28 · Documentation low

File: compute-optimizer/latest/ug/managed-policies.md

Summary

Added JSON policy examples for Compute Optimizer managed policies including full access, AWS Organizations access, and CloudWatch permissions

Security assessment

The changes document IAM policy configurations which are security-related best practices, but there's no evidence of addressing a specific security vulnerability.

Diff

diff --git a/compute-optimizer/latest/ug/managed-policies.md b/compute-optimizer/latest/ug/managed-policies.md
index b539cf54e..ce808e386 100644
--- a//compute-optimizer/latest/ug/managed-policies.md
+++ b//compute-optimizer/latest/ug/managed-policies.md
@@ -50,0 +51,6 @@ This policy includes the following permissions.
+JSON
+    
+
+****
+    
+    
@@ -107,0 +114,43 @@ This policy includes the following permissions.
+
+JSON
+    
+
+****
+    
+    
+    
+    {
+        "Version":"2012-10-17",		 	 	 
+        "Statement": [
+            {
+                "Sid": "ComputeOptimizerFullAccess",
+                "Effect": "Allow",
+                "Action": [
+                    "compute-optimizer:*"
+                ],
+                "Resource": "*"
+            },
+            {
+                "Sid": "AwsOrgsAccess",
+                "Effect": "Allow",
+                "Action": [
+                    "organizations:DescribeOrganization",
+                    "organizations:ListAccounts",
+                    "organizations:ListAWSServiceAccessForOrganization"
+                ],
+                "Resource": [
+                    "*"
+                ]
+            },
+            {
+                "Sid": "CloudWatchAccess",
+                "Effect": "Allow",
+                "Action": [
+                    "cloudwatch:GetMetricData"
+                ],
+                "Resource": "*"
+            }
+        ]
+    }
+    
+
@@ -136,0 +186,6 @@ This policy includes the following:
+JSON
+    
+
+****
+    
+    
@@ -180,0 +236,44 @@ This policy includes the following:
+
+JSON
+    
+
+****
+    
+    
+    
+    {
+        "Version":"2012-10-17",		 	 	 
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "compute-optimizer:DescribeRecommendationExportJobs",
+                    "compute-optimizer:GetEnrollmentStatus",
+                    "compute-optimizer:GetEnrollmentStatusesForOrganization",
+                    "compute-optimizer:GetRecommendationSummaries",
+                    "compute-optimizer:GetEC2InstanceRecommendations",
+                    "compute-optimizer:GetEC2RecommendationProjectedMetrics",
+                    "compute-optimizer:GetAutoScalingGroupRecommendations",
+                    "compute-optimizer:GetEBSVolumeRecommendations",
+                    "compute-optimizer:GetLambdaFunctionRecommendations",
+                    "compute-optimizer:GetECSServiceRecommendations",
+    		"compute-optimizer:GetECSServiceRecommendationProjectedMetrics",
+    				"compute-optimizer:GetLicenseRecommendations",
+                    "ec2:DescribeInstances",
+                    "ec2:DescribeVolumes",
+                    "ecs:ListServices",
+    		"ecs:ListClusters",
+                    "autoscaling:DescribeAutoScalingGroups",
+                    "lambda:ListFunctions",
+                    "lambda:ListProvisionedConcurrencyConfigs",
+                    "cloudwatch:GetMetricData",
+                    "organizations:ListAccounts",
+                    "organizations:DescribeOrganization",
+                    "organizations:DescribeAccount"
+                ],
+                "Resource": "*"
+            }
+        ]
+    }
+    
+