AWS iot-sitewise documentation change
Summary
Updated AWSIoTSiteWiseReadOnlyAccess policy description to include ExecuteQuery permission and added changelog entry
Security assessment
Expands documentation of security controls (IAM policies) but does not address a specific security vulnerability. The change reflects added functionality rather than patching a security issue.
Diff
diff --git a/iot-sitewise/latest/userguide/security-iam-awsmanpol.md b/iot-sitewise/latest/userguide/security-iam-awsmanpol.md index d115a1668..2927d8295 100644 --- a//iot-sitewise/latest/userguide/security-iam-awsmanpol.md +++ b//iot-sitewise/latest/userguide/security-iam-awsmanpol.md @@ -23 +23 @@ You can attach the `AWSIoTSiteWiseReadOnlyAccess` policy to your IAM identities. -This policy provides read-only access to AWS IoT SiteWise. No other service permissions are included in this policy. +This policy provides read-only access to AWS IoT SiteWise, including permissions to execute read-only SQL queries. No other service permissions are included in this policy. @@ -256,0 +257 @@ Change | Description | Date +AWSIoTSiteWiseReadOnlyAccess – Update to an existing policy | AWS IoT SiteWise added the `iotsitewise:ExecuteQuery` permission to enable read-only SQL query execution through the AWS IoT SiteWise Grafana plugin. | September 25, 2025