AWS Security ChangesHomeSearch

AWS resource-explorer documentation change

Service: resource-explorer · 2025-11-19 · Documentation medium

File: resource-explorer/latest/userguide/security_iam_awsmanpol.md

Summary

Removed activation notice and added documentation about updated AWSResourceExplorerServiceRolePolicy permissions (DynamoDB:DescribeTimeToLive and logs:DescribeResourcePolicies).

Security assessment

The update documents expanded IAM policy permissions for the service-linked role, which relates to security controls. However, there is no indication this addresses a security vulnerability—it appears to be a routine expansion of supported resource types.

Diff

diff --git a/resource-explorer/latest/userguide/security_iam_awsmanpol.md b/resource-explorer/latest/userguide/security_iam_awsmanpol.md
index 0a380f7c1..b43397388 100644
--- a//resource-explorer/latest/userguide/security_iam_awsmanpol.md
+++ b//resource-explorer/latest/userguide/security_iam_awsmanpol.md
@@ -7,2 +6,0 @@ AWSResourceExplorerFullAccessAWSResourceExplorerReadOnlyAccessAWSResourceExplore
-AWS Resource Explorer now provides immediate access to resource search and discovery capabilities in a Region. With this launch, you no longer need to activate Resource Explorer to discover your resources. [Learn more](https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-immediate-resource-discovery-experience.html)
-
@@ -153,0 +152,6 @@ Change | Description | Date
+AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view additional resource types  |  Resource Explorer modified the permissions in the service-linked role policy AWSResourceExplorerServiceRolePolicy. Permissions were added that allows Resource Explorer to view additional resource types:
+
+  * `dynamodb:DescribeTimeToLive`
+  * `logs:DescribeResourcePolicies`
+
+| November 14, 2025