AWS waf documentation change
Summary
Added documentation entry about AWS WAF managed policy updates expanding permissions for multiple services
Security assessment
Documents updates to IAM managed policies (AWSWAFConsole*Access) that now include additional AWS services. While IAM policies are security features, the change describes expanded service coverage rather than addressing a specific vulnerability. The update enhances security documentation but doesn't indicate a security issue resolution.
Diff
diff --git a/waf/latest/developerguide/doc-history.md b/waf/latest/developerguide/doc-history.md index 98ac2e2ba..7c54723e0 100644 --- a//waf/latest/developerguide/doc-history.md +++ b//waf/latest/developerguide/doc-history.md @@ -16,0 +17 @@ Change| Description| Date +[AWS WAF managed policy changes](./security-iam-awsmanpol.html#security-iam-awsmanpol-updates)| Updated Amazon API Gateway permissions to the `AWSWAFConsoleFullAccess` and `AWSWAFConsoleReadOnlyAccess`managed policies. Added Amazon CloudWatch, AWS AppSync, Amazon Data Firehose, AWS Price List, and AWS Marketplace to the `AWSWAFConsoleFullAccess` and `AWSWAFConsoleReadOnlyAccess`managed policies.| November 3, 2025