AWS Security ChangesHomeSearch

AWS resource-explorer documentation change

Service: resource-explorer · 2025-10-16 · Documentation low

File: resource-explorer/latest/userguide/security_iam_awsmanpol.md

Summary

Updated links to AWS managed policies and added changelog entry for AWSResourceExplorerServiceRolePolicy with new permissions

Security assessment

The change documents expanded permissions in a service-linked role policy (adding read-only access to ELB, Kinesis, and Organizations APIs). While this updates security-related documentation, there is no evidence of addressing a specific vulnerability or incident.

Diff

diff --git a/resource-explorer/latest/userguide/security_iam_awsmanpol.md b/resource-explorer/latest/userguide/security_iam_awsmanpol.md
index 77552cbf5..0a380f7c1 100644
--- a//resource-explorer/latest/userguide/security_iam_awsmanpol.md
+++ b//resource-explorer/latest/userguide/security_iam_awsmanpol.md
@@ -99 +99 @@ This policy grants the permissions required for Resource Explorer to retrieve in
-To see the latest version of this AWS managed policy, see `[AWSResourceExplorerServiceRolePolicy](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy)` in the IAM console or [`AWSResourceExplorerServiceRolePolicy`](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerServiceRolePolicy.html) in the _AWS Managed Policy Reference Guide_. 
+To see the latest version of this AWS managed policy, [`AWSResourceExplorerServiceRolePolicy`](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerServiceRolePolicy.html) in the _AWS Managed Policy Reference Guide_.
@@ -146 +146 @@ This policy includes permissions that allow administrators to set up multi-accou
-To see the latest version of this AWS managed policy, see `[AWSResourceExplorerOrganizationsAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerOrganizationsAccess)` in the IAM console.
+To see the latest version of this AWS managed policy, see `[AWSResourceExplorerOrganizationsAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerServiceRolePolicy.html)` in the _AWS Managed Policy Reference Guide_.
@@ -153,0 +154,11 @@ Change | Description | Date
+AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view additional resource types  |  Resource Explorer modified the permissions in the service-linked role policy AWSResourceExplorerServiceRolePolicy. Permissions were added that allows Resource Explorer to view additional resource types:
+
+  * `organizations:DescribeResourcePolicy`
+  * `elasticloadbalancing:DescribeLoadBalancerPolicies`
+  * `elasticloadbalancing:DescribeLoadBalancerPolicyTypes`
+  * `elasticloadbalancing:DescribeTargetGroupAttributes`
+  * `elasticloadbalancing:DescribeTargetHealth`
+  * `kinesis:DescribeStreamSummary`
+  * `kinesis:ListTagsForStream`
+
+| October 13, 2025