AWS Security ChangesHomeSearch

AWS mgn documentation change

Service: mgn · 2025-11-04 · Documentation low

File: mgn/latest/ug/create-permissions-manually.md

Summary

Updated terminology from 'permissions' to 'roles' and added connector role usage details

Security assessment

While improving IAM role documentation, changes focus on terminology accuracy rather than addressing specific security vulnerabilities. Adds security documentation by better explaining role requirements.

Diff

diff --git a/mgn/latest/ug/create-permissions-manually.md b/mgn/latest/ug/create-permissions-manually.md
index 50eb8600e..1c1f735c0 100644
--- a//mgn/latest/ug/create-permissions-manually.md
+++ b//mgn/latest/ug/create-permissions-manually.md
@@ -9 +9 @@ NEW - You can now accelerate your migration and modernization with AWS Transform
-# Create permissions manually
+# Create roles manually
@@ -11 +11 @@ NEW - You can now accelerate your migration and modernization with AWS Transform
-To create permissions manually, you create the MGNConnectorInstallerRole to install the MGN Connector and the AWSApplicationMigrationConnectorManagementRole for the MGN Connector to assume.
+To create permissions manually, you create the MGNConnectorInstallerRole to install the MGN Connector and the AWSApplicationMigrationConnectorManagementRole needed to enable the connector to run. The connector assumes the AWSApplicationMigrationConnectorSharingRole_`management-account-id` role as needed, for example, to install the replication agent on a source server.
@@ -108 +108 @@ JSON
-  2. If you have created an S3 bucket for SSM logging, replace **LOGS-BUCKET** with the bucket name and append the following statements to the above policy:
+  2. If you created an S3 bucket for SSM logging, replace **LOGS-BUCKET** with the bucket name and append the following to the policy:
@@ -116 +116 @@ JSON
-  3. In order for the MGN connector to send logs to CloudWatch, append the following statement to the above policy:
+  3. In order for the MGN connector to send logs to CloudWatch, append this statement to the policy:
@@ -171 +171 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Permissions
+IAM roles for connector
@@ -173 +173 @@ Permissions
-Deploy permissions using a AWS CloudFormation template
+Deploy role using CloudFormation template