AWS Security ChangesHomeSearch

AWS quicksuite medium security documentation change

Service: quicksuite · 2025-11-22 · Security-related medium

File: quicksuite/latest/userguide/iam-policy-examples.md

Summary

Removed iam:AttachRolePolicy and iam:DetachRolePolicy permissions from multiple IAM policy examples

Security assessment

Removing these permissions enforces least privilege by preventing policy attachment/detachment. This directly addresses privilege escalation risks by reducing over-permissive policies.

Diff

diff --git a/quicksuite/latest/userguide/iam-policy-examples.md b/quicksuite/latest/userguide/iam-policy-examples.md
index 8d7264d8a..ebd87dd44 100644
--- a//quicksuite/latest/userguide/iam-policy-examples.md
+++ b//quicksuite/latest/userguide/iam-policy-examples.md
@@ -35,2 +34,0 @@ The following example shows the IAM permissions needed for Amazon Quick Suite IA
-                   "iam:AttachRolePolicy",
-                   "iam:DetachRolePolicy",
@@ -202,2 +199,0 @@ The following example shows a policy that allows Amazon Quick Suite admins to cr
-                    "iam:AttachRolePolicy",
-                    "iam:DetachRolePolicy",
@@ -329,2 +324,0 @@ This example explicitly denies permission to unsubscribe from Amazon Quick Suite
-                    "iam:AttachRolePolicy",
-                    "iam:DetachRolePolicy",
@@ -393,2 +386,0 @@ This example explicitly denies permission to unsubscribe from Amazon Quick Suite
-                    "iam:AttachRolePolicy",
-                    "iam:DetachRolePolicy",