AWS Security ChangesHomeSearch

AWS r53recovery documentation change

Service: r53recovery · 2025-10-16 · Documentation low

File: r53recovery/latest/dg/region-switch-plans.md

Summary

Updated multiple IAM policy documentation links for cross-account resources and CloudWatch alarms

Security assessment

These changes improve documentation for IAM permissions related to cross-account access and monitoring, which are security best practices. No specific security issue is addressed.

Diff

diff --git a/r53recovery/latest/dg/region-switch-plans.md b/r53recovery/latest/dg/region-switch-plans.md
index 47cc1b02b..f4a28953a 100644
--- a//r53recovery/latest/dg/region-switch-plans.md
+++ b//r53recovery/latest/dg/region-switch-plans.md
@@ -50 +50 @@ You can add execution blocks in a workflow sequentially, or you can add one or m
-Finally, you can also configure cross-account resources for an execution block. First, you must configure permissions, by following the guidance in [Cross-account support in Region switch](./cross-account-resources-rs.html). After you've set up the required IAM roles, then you can add cross-acount resources in the execution blocks in your plan workflows. To add cross-account resources, when you add an execution block, you specify a target IAM role that has permissions to the resource of other AWS accounts. You also must specify the external ID that you provided in the trust policy for the cross-account role. For details about creating the required IAM roles, see [Cross-account resource access](./security_iam_id-based-policy-examples-region-switch.html#security_iam_region_switch_cross_account).
+Finally, you can also configure cross-account resources for an execution block. First, you must configure permissions, by following the guidance in [Cross-account support in Region switch](./cross-account-resources-rs.html). After you've set up the required IAM roles, then you can add cross-acount resources in the execution blocks in your plan workflows. To add cross-account resources, when you add an execution block, you specify a target IAM role that has permissions to the resource of other AWS accounts. You also must specify the external ID that you provided in the trust policy for the cross-account role. For details about creating the required IAM roles, see [Cross-account resource permissions](./security_iam_region_switch_cross_account.html).
@@ -70 +70 @@ To support calculating an accurate actual recovery time for plan execution, add
-Before you add CloudWatch alarms to a Region switch plan, make sure that you have the correct IAM policy in place. For more information, see [Sample policy for alarms](./security_iam_id-based-policy-examples-region-switch.html#ARCSwitchIAM_Alarms).
+Before you add CloudWatch alarms to a Region switch plan, make sure that you have the correct IAM policy in place. For more information, see [CloudWatch alarms for application health permissions](./security_iam_region_switch_cloudwatch.html).