AWS Security ChangesHomeSearch

AWS lexv2 low security documentation change

Service: lexv2 · 2025-11-22 · Security-related low

File: lexv2/latest/dg/conversation-logs-policies.md

Summary

Clarified that Amazon Lex V2 (instead of an unspecified entity) assumes the role for conversation logs delivery

Security assessment

The change explicitly names Amazon Lex V2 as the service allowed to assume the role, improving IAM policy specificity. This prevents potential privilege escalation by limiting role assumption to the intended service, adhering to the principle of least privilege.

Diff

diff --git a/lexv2/latest/dg/conversation-logs-policies.md b/lexv2/latest/dg/conversation-logs-policies.md
index 2ec8a1ca3..c16f8bd6d 100644
--- a//lexv2/latest/dg/conversation-logs-policies.md
+++ b//lexv2/latest/dg/conversation-logs-policies.md
@@ -23 +23 @@ The following code is formatted for Linux and MacOS. For Windows, replace the Li
-  1. Create a document in the current directory called `LexConversationLogsAssumeRolePolicyDocument.json`, add the following code to it, and save it. This policy document adds Amazon Lex V2 as a trusted entity to the role. This allows to assume the role to deliver logs to the resources configured for conversation logs.
+  1. Create a document in the current directory called `LexConversationLogsAssumeRolePolicyDocument.json`, add the following code to it, and save it. This policy document adds Amazon Lex V2 as a trusted entity to the role. This allows Amazon Lex V2 to assume the role to deliver logs to the resources configured for conversation logs.