AWS resource-explorer documentation change
Summary
Added documentation for new immediate resource discovery feature that enables automatic search capabilities based on IAM permissions without manual setup
Security assessment
The change documents security-related access controls (IAM permissions requirements for resource discovery) but does not address a specific security vulnerability. It explains required policies like AWSResourceExplorerReadOnlyAccess and iam:CreateServiceLinkedRole, which are security features governing access to resources.
Diff
diff --git a/resource-explorer/latest/userguide/doc-history.md b/resource-explorer/latest/userguide/doc-history.md index 6bad89bb1..56337d975 100644 --- a//resource-explorer/latest/userguide/doc-history.md +++ b//resource-explorer/latest/userguide/doc-history.md @@ -4,0 +5,2 @@ +AWS Resource Explorer now provides immediate access to resource search and discovery capabilities in a Region. With this launch, you no longer need to activate Resource Explorer to discover your resources. [Learn more](https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-immediate-resource-discovery-experience.html) + @@ -10,0 +13 @@ Change| Description| Date +Immediate resource discovery feature release| Resource Explorer now provides automatic resource search functionality without requiring manual setup. When you first access Resource Explorer through the console, [Unified Search](https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/using-search.html), CLI, or API, the service automatically enables search capabilities based on your IAM permissions. Users with, at minimum, the permissions in the `[AWSResourceExplorerReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerReadOnlyAccess.html)` managed policy can immediately search all tagged resources and supported untagged resources created after the [immediate resource discovery](https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-immediate-resource-discovery-experience.html) release. For complete resource inventory with automatic updates, users also need the `iam:CreateServiceLinkedRole` permission (included in the [AWSResourceExplorerFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerFullAccess.html) managed policy). This feature eliminates the traditional setup barrier and provides immediate value while maintaining all existing functionality for customers who have already configured Resource Explorer. Cross-Region search capabilities remain available as an optional enhancement.| October 6, 2025