AWS Security ChangesHomeSearch

AWS solutions high security documentation change

Service: solutions · 2025-10-25 · Security-related high

File: solutions/latest/automations-for-aws-firewall-manager/security.md

Summary

Removed IAM policy statements denying DynamoDB/SSM access and restructured content.

Security assessment

Deletes explicit security controls (Deny policies) for DynamoDB and SSM resources, potentially weakening documented security posture.

Diff

diff --git a/solutions/latest/automations-for-aws-firewall-manager/security.md b/solutions/latest/automations-for-aws-firewall-manager/security.md
index d9a55dbf4..7d82a3be6 100644
--- a//solutions/latest/automations-for-aws-firewall-manager/security.md
+++ b//solutions/latest/automations-for-aws-firewall-manager/security.md
@@ -87,16 +87,2 @@ By default, an IAM user or role must be explicitly authorized to [perform an act
-     "Resource": "arn:aws:dynamodb:<region>:<account-id>:table/<table-name>",
-     "Effect": "Deny",
-     "Sid": "FMSDDBSecure"
-     },
-     {
-     "Action": "ssm:*"
-     "Resource": [
-     "arn:aws:ssm:<region>:<account-id>:parameter/FMS/OUs",
-     "arn:aws:ssm:<region>:<account-id>:parameter/FMS/Regions",
-     "arn:aws:ssm:<region>:<account-id>:parameter/FMS/Tags"
-     ],
-     "Effect": "Deny",
-     "Sid": "FMSSSMSecure"
-     }
-     ]
-    }
+     "Resource": "arn:aws:dynamodb: 
+             
@@ -112 +98 @@ Cost
-Quotas
+Deploy the solution