AWS directoryservice documentation change
Summary
Updated terminology from 'AWS Directory Service' to 'Directory Service' throughout the document for consistency. No changes to policy permissions or security implications - only branding/naming standardization.
Security assessment
Changes are purely branding/naming updates (removing 'AWS' prefix from service name references). No modifications to actual permissions, security controls, or vulnerability disclosures. Policy descriptions and capabilities remain identical.
Diff
diff --git a/directoryservice/latest/admin-guide/security-iam-awsmanpol.md b/directoryservice/latest/admin-guide/security-iam-awsmanpol.md index 0650ef323..e26fc184a 100644 --- a//directoryservice/latest/admin-guide/security-iam-awsmanpol.md +++ b//directoryservice/latest/admin-guide/security-iam-awsmanpol.md @@ -17 +17 @@ For more information, see [AWS managed policies](https://docs.aws.amazon.com/IAM -The following sections describe the AWS managed policies that are specific to AWS Directory Service. You can attach these policies to users in your account. +The following sections describe the AWS managed policies that are specific to Directory Service. You can attach these policies to users in your account. @@ -25 +25 @@ You can attach the `AWSDirectoryServiceFullAccess` policy to your IAM identities -This policy grants administrative permissions that allow a principal full access to all AWS Directory Service actions. Principals with these permissions can create, configure, and manage directories, including Simple AD, AD Connector, and Managed Microsoft AD. They can also manage directory sharing, trust relationships, and monitoring configurations. This policy includes permissions to manage the underlying network infrastructure required for directory services. +This policy grants administrative permissions that allow a principal full access to all Directory Service actions. Principals with these permissions can create, configure, and manage directories, including Simple AD, AD Connector, and Managed Microsoft AD. They can also manage directory sharing, trust relationships, and monitoring configurations. This policy includes permissions to manage the underlying network infrastructure required for directory services. @@ -31 +31 @@ This policy includes the following permissions: - * `ds` – Allows principals full access to all AWS Directory Service actions. + * `ds` – Allows principals full access to all Directory Service actions. @@ -48 +48 @@ You can attach the `AWSDirectoryServiceReadOnlyAccess` policy to your IAM identi -This policy grants read-only permissions that allow users to view information in AWS Directory Service. Principals with this policy attached cannot make any updates to directories or their configurations. For example, principals with these permissions can view directory details, trust relationships, and monitoring configurations, but cannot create new directories or modify existing ones. They can also view related EC2 network resources and SNS topics associated with directories. +This policy grants read-only permissions that allow users to view information in Directory Service. Principals with this policy attached cannot make any updates to directories or their configurations. For example, principals with these permissions can view directory details, trust relationships, and monitoring configurations, but cannot create new directories or modify existing ones. They can also view related EC2 network resources and SNS topics associated with directories. @@ -103 +103 @@ You cannot attach the `AWSDirectoryServiceServiceRolePolicy` policy to your IAM -This policy grants permissions that allow AWS Directory Service to monitor and assess self-managed domain controllers in hybrid Active Directory environments. The service uses these permissions to run automated health assessments, execute PowerShell scripts for compatibility testing, and gather network configuration information to ensure proper hybrid connectivity and automated recovery capabilities. +This policy grants permissions that allow Directory Service to monitor and assess self-managed domain controllers in hybrid Active Directory environments. The service uses these permissions to run automated health assessments, execute PowerShell scripts for compatibility testing, and gather network configuration information to ensure proper hybrid connectivity and automated recovery capabilities. @@ -116 +116 @@ This policy includes the following permissions: -## IAM and AWS Directory Service updates to AWS managed policies +## IAM and Directory Service updates to AWS managed policies @@ -118 +118 @@ This policy includes the following permissions: -View details about updates to IAM and AWS managed policies since the service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the IAM and AWS Directory Service Document history pages. +View details about updates to IAM and AWS managed policies since the service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the IAM and Directory Service Document history pages. @@ -122,4 +122,4 @@ Change | Description | Date -AWSDirectoryServiceServiceRolePolicy – New policy | AWS Directory Service added a new policy to allow AWS to monitor a customer's self-managed domain controllers. | July 30, 2025 -AWS managed policy: AWSDirectoryServiceDataReadOnlyAccess – New policy | AWS Directory Service added a new policy to allow a user or group access to view and search AD users, members, and groups. | September 17, 2024 -AWS managed policy: AWSDirectoryServiceDataFullAccess – New policy | AWS Directory Service added a new policy to allow a user or group access to built-in object management with Directory Service Data to create, manage, and view AD users, members, and groups. | September 17, 2024 -AWS Directory Service started tracking changes | AWS Directory Service started tracking changes for its AWS managed policies. | September 17, 2024 +AWSDirectoryServiceServiceRolePolicy – New policy | Directory Service added a new policy to allow AWS to monitor a customer's self-managed domain controllers. | July 30, 2025 +AWS managed policy: AWSDirectoryServiceDataReadOnlyAccess – New policy | Directory Service added a new policy to allow a user or group access to view and search AD users, members, and groups. | September 17, 2024 +AWS managed policy: AWSDirectoryServiceDataFullAccess – New policy | Directory Service added a new policy to allow a user or group access to built-in object management with Directory Service Data to create, manage, and view AD users, members, and groups. | September 17, 2024 +Directory Service started tracking changes | Directory Service started tracking changes for its AWS managed policies. | September 17, 2024