AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-11-04 · Documentation medium

File: waf/latest/developerguide/doc-history.md

Summary

Added documentation entry about AWS WAF managed policy updates expanding permissions for multiple services

Security assessment

Documents updates to IAM managed policies (AWSWAFConsole*Access) that now include additional AWS services. While IAM policies are security features, the change describes expanded service coverage rather than addressing a specific vulnerability. The update enhances security documentation but doesn't indicate a security issue resolution.

Diff

diff --git a/waf/latest/developerguide/doc-history.md b/waf/latest/developerguide/doc-history.md
index 98ac2e2ba..7c54723e0 100644
--- a//waf/latest/developerguide/doc-history.md
+++ b//waf/latest/developerguide/doc-history.md
@@ -16,0 +17 @@ Change| Description| Date
+[AWS WAF managed policy changes](./security-iam-awsmanpol.html#security-iam-awsmanpol-updates)| Updated Amazon API Gateway permissions to the `AWSWAFConsoleFullAccess` and `AWSWAFConsoleReadOnlyAccess`managed policies. Added Amazon CloudWatch, AWS AppSync, Amazon Data Firehose, AWS Price List, and AWS Marketplace to the `AWSWAFConsoleFullAccess` and `AWSWAFConsoleReadOnlyAccess`managed policies.| November 3, 2025