AWS resource-explorer documentation change
Summary
Removed activation notice and added documentation about updated AWSResourceExplorerServiceRolePolicy permissions (DynamoDB:DescribeTimeToLive and logs:DescribeResourcePolicies).
Security assessment
The update documents expanded IAM policy permissions for the service-linked role, which relates to security controls. However, there is no indication this addresses a security vulnerability—it appears to be a routine expansion of supported resource types.
Diff
diff --git a/resource-explorer/latest/userguide/security_iam_awsmanpol.md b/resource-explorer/latest/userguide/security_iam_awsmanpol.md index 0a380f7c1..b43397388 100644 --- a//resource-explorer/latest/userguide/security_iam_awsmanpol.md +++ b//resource-explorer/latest/userguide/security_iam_awsmanpol.md @@ -7,2 +6,0 @@ AWSResourceExplorerFullAccessAWSResourceExplorerReadOnlyAccessAWSResourceExplore -AWS Resource Explorer now provides immediate access to resource search and discovery capabilities in a Region. With this launch, you no longer need to activate Resource Explorer to discover your resources. [Learn more](https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-immediate-resource-discovery-experience.html) - @@ -153,0 +152,6 @@ Change | Description | Date +AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view additional resource types | Resource Explorer modified the permissions in the service-linked role policy AWSResourceExplorerServiceRolePolicy. Permissions were added that allows Resource Explorer to view additional resource types: + + * `dynamodb:DescribeTimeToLive` + * `logs:DescribeResourcePolicies` + +| November 14, 2025