AWS config documentation change
Summary
Added new S3 Tables permissions (ListTagsForResource, GetTableBucketMetricsConfiguration, GetTableBucketStorageClass) to AWS_ConfigRole and AWSConfigServiceRolePolicy
Security assessment
Documents added permissions required for S3 Tables operations in IAM policies. While security-related (IAM permissions), there's no evidence this fixes a vulnerability. It ensures policies have necessary permissions for new features, preventing potential access issues.
Diff
diff --git a/config/latest/developerguide/security-iam-awsmanpol.md b/config/latest/developerguide/security-iam-awsmanpol.md index a94c82195..a03fabd20 100644 --- a//config/latest/developerguide/security-iam-awsmanpol.md +++ b//config/latest/developerguide/security-iam-awsmanpol.md @@ -179,0 +180,2 @@ Change | Description | Date +AWS_ConfigRole – add "s3tables:ListTagsForResource", "s3tables:GetTableBucketMetricsConfiguration", "s3tables:GetTableBucketStorageClass" | This policy now supports additional permissions for S3Tables.. | January 09, 2026 +AWSConfigServiceRolePolicy – add "s3tables:ListTagsForResource", "s3tables:GetTableBucketMetricsConfiguration", "s3tables:GetTableBucketStorageClass" | This policy now supports additional permissions for S3Tables. | January 09, 2026