AWS Security ChangesHomeSearch

AWS managedservices high security documentation change

Service: managedservices · 2025-10-25 · Security-related high

File: managedservices/latest/userguide/ams-sec-stand-controls.md

Summary

Added new security controls 9.6 and 9.7 restricting IAM user permissions for SSPS services

Security assessment

The added controls explicitly address security risks by limiting IAM users with infrastructure-mutating permissions and policies attached to users. This directly mitigates potential privilege escalation and unauthorized access risks.

Diff

diff --git a/managedservices/latest/userguide/ams-sec-stand-controls.md b/managedservices/latest/userguide/ams-sec-stand-controls.md
index cf8959d00..07c4d707b 100644
--- a//managedservices/latest/userguide/ams-sec-stand-controls.md
+++ b//managedservices/latest/userguide/ams-sec-stand-controls.md
@@ -186,0 +187,2 @@ ID | Technical standard
+9.6 | SSPS that require IAM users with programmatic access (through access keys) and with any infrastructure-mutating permissions (write, permission management, or tagging) in the customer account must not be provisioned without risk acceptance.  
+9.7 | Policies created for SSPS services must not be attached to IAM users without risk acceptance.