AWS Security ChangesHomeSearch

AWS solutions low security documentation change

Service: solutions · 2025-11-16 · Security-related low

File: solutions/latest/automated-security-response-on-aws/concepts-and-definitions.md

Summary

Added definitions for Web UI roles including 'delegated admin' and 'account operator' with granular permissions

Security assessment

The new role definitions explicitly document access control boundaries for remediation operations, which is fundamental to security posture management. By defining least privilege roles (account operators limited to specific AWS accounts), this change directly supports security best practices for access management.

Diff

diff --git a/solutions/latest/automated-security-response-on-aws/concepts-and-definitions.md b/solutions/latest/automated-security-response-on-aws/concepts-and-definitions.md
index f9e70c5bc..d8f5ee82f 100644
--- a//solutions/latest/automated-security-response-on-aws/concepts-and-definitions.md
+++ b//solutions/latest/automated-security-response-on-aws/concepts-and-definitions.md
@@ -32,0 +33,8 @@ A feature of AWS Security Hub that, when activated, displays findings with their
+**[Solution Web UI] delegated admin**
+
+In the context of the solution’s Web UI, a delegated admin is a user that has been invited by the admin and has full access to run remediations and view remediation history. This user can also view and manage other Account Operator users.
+
+**[Solution Web UI] account operator**
+
+In the context of the solution’s Web UI, an account operator is a user invited by an admin or delegated admin to access the solution’s Web UI. This user is associated with a list of AWS Account Ids provided in their invitation; they may only run remediations and view remediation history as it pertains to resources in these accounts.
+