AWS Security ChangesHomeSearch

AWS network-manager documentation change

Service: network-manager · 2025-11-19 · Documentation low

File: network-manager/latest/tgwnm/nm-custom-multi-role.md

Summary

Updated references from 'AWS CloudFormation StackSets' to 'CloudFormation StackSets' for terminology consistency

Security assessment

The changes are purely cosmetic terminology updates removing redundant 'AWS' prefix from CloudFormation references. No security vulnerabilities, mitigations, or security feature enhancements are mentioned. The documentation continues to describe existing IAM role management without introducing new security controls or addressing specific security weaknesses.

Diff

diff --git a/network-manager/latest/tgwnm/nm-custom-multi-role.md b/network-manager/latest/tgwnm/nm-custom-multi-role.md
index ebb36b797..2a2e3083d 100644
--- a//network-manager/latest/tgwnm/nm-custom-multi-role.md
+++ b//network-manager/latest/tgwnm/nm-custom-multi-role.md
@@ -9 +9 @@ CloudWatch-CrossAccountSharingRoleIAMRoleForAWSNetworkManagerCrossAccountResourc
-AWS Global Networks for Transit Gateways uses AWS CloudFormation StackSets to deploy and manage the following two custom IAM roles in AWS Organizations member accounts to support multi-account permissions. These two roles are deployed to every member account in the organization when `AWSServiceAccess` is enabled (trusted access). For more information about multi-account, see [Manage multiple accounts in global networks using AWS Organizations](./nm-multi-account.html#tgw-nm-multi).
+AWS Global Networks for Transit Gateways uses CloudFormation StackSets to deploy and manage the following two custom IAM roles in AWS Organizations member accounts to support multi-account permissions. These two roles are deployed to every member account in the organization when `AWSServiceAccess` is enabled (trusted access). For more information about multi-account, see [Manage multiple accounts in global networks using AWS Organizations](./nm-multi-account.html#tgw-nm-multi).
@@ -104 +104 @@ The following is the read-only role template.
-When choosing the `IAMRoleForAWSNetworkManagerCrossAccountResourceAccess` permission, an associated administrative or read-only template is also passed to AWS CloudFormation StackSets. These templates contain a list of accounts that are able to assume these roles. These accounts include the AWS Organizations management account and all registered delegated administrators for the Network Manager service. Deregistering a delegated administrator removes it from this list so that it can no longer assume these roles. Disabling trusted access deletes the AWS CloudFormation StackSets, and in turn all member account stacks and custom IAM roles in those accounts that were StackSets-managed for multi-account.
+When choosing the `IAMRoleForAWSNetworkManagerCrossAccountResourceAccess` permission, an associated administrative or read-only template is also passed to CloudFormation StackSets. These templates contain a list of accounts that are able to assume these roles. These accounts include the AWS Organizations management account and all registered delegated administrators for the Network Manager service. Deregistering a delegated administrator removes it from this list so that it can no longer assume these roles. Disabling trusted access deletes the CloudFormation StackSets, and in turn all member account stacks and custom IAM roles in those accounts that were StackSets-managed for multi-account.