AWS Security ChangesHomeSearch

AWS network-firewall medium security documentation change

Service: network-firewall · 2026-01-19 · Security-related medium

File: network-firewall/latest/developerguide/security-iam-awsmanpol.md

Summary

Updated AWSNetworkFirewallReadOnlyAccess policy to include new permissions for ProxyRules, ProxyRuleGroups, ProxyConfigurations, Proxies, VpcEndpointAssociation, and FirewallMetadata

Security assessment

Expands IAM read permissions for security-sensitive firewall components. Concrete evidence: Added permissions for ProxyRules/Configurations (security controls) and FirewallMetadata (security configuration data). Impacts security by enabling better monitoring of firewall settings.

Diff

diff --git a/network-firewall/latest/developerguide/security-iam-awsmanpol.md b/network-firewall/latest/developerguide/security-iam-awsmanpol.md
index 0c4a03bee..559cbc42e 100644
--- a//network-firewall/latest/developerguide/security-iam-awsmanpol.md
+++ b//network-firewall/latest/developerguide/security-iam-awsmanpol.md
@@ -20,0 +21 @@ Change | Description | Date
+`AWSNetworkFirewallReadOnlyAccess` – Update to the existing policy |  Updated the `AWSNetworkFirewallReadOnlyAccess` to support describing and listing ProxyRules, ProxyRuleGroups, ProxyConfigurations, Proxies, VpcEndpointAssociation, and describing FirewallMetadata. For policy details, see [AWSNetworkFirewallReadOnlyAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AWSNetworkFirewallReadOnlyAccess$serviceLevelSummary).  | January 16, 2026