AWS awsaccountbilling documentation change
Summary
Removed explicit mention of users/roles being unable to use AWS Management Console/CLI/API by default for billing resources, while retaining core guidance about IAM policy requirements.
Security assessment
The change simplifies the description of default permissions but does not introduce or address a specific security vulnerability. While it relates to access control documentation, there is no evidence of a CVE, exploit mitigation, or security incident being addressed. The modification appears focused on conciseness rather than security remediation.
Diff
diff --git a/awsaccountbilling/latest/aboutv2/security_iam_id-based-policy-examples.md b/awsaccountbilling/latest/aboutv2/security_iam_id-based-policy-examples.md index bbe34f5b4..84735435f 100644 --- a//awsaccountbilling/latest/aboutv2/security_iam_id-based-policy-examples.md +++ b//awsaccountbilling/latest/aboutv2/security_iam_id-based-policy-examples.md @@ -9 +9 @@ Policy best practicesUsing the consoleAllow users to view their own permissionsU -By default, users and roles don't have permission to create or modify Billing resources. They also can't perform tasks by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS API. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies. The administrator can then add the IAM policies to roles, and users can assume the roles. +By default, users and roles don't have permission to create or modify Billing resources. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies.