AWS network-firewall medium security documentation change
Summary
Updated AWSNetworkFirewallReadOnlyAccess policy to include new permissions for ProxyRules, ProxyRuleGroups, ProxyConfigurations, Proxies, VpcEndpointAssociation, and FirewallMetadata
Security assessment
Expands IAM read permissions for security-sensitive firewall components. Concrete evidence: Added permissions for ProxyRules/Configurations (security controls) and FirewallMetadata (security configuration data). Impacts security by enabling better monitoring of firewall settings.
Diff
diff --git a/network-firewall/latest/developerguide/security-iam-awsmanpol.md b/network-firewall/latest/developerguide/security-iam-awsmanpol.md index 0c4a03bee..559cbc42e 100644 --- a//network-firewall/latest/developerguide/security-iam-awsmanpol.md +++ b//network-firewall/latest/developerguide/security-iam-awsmanpol.md @@ -20,0 +21 @@ Change | Description | Date +`AWSNetworkFirewallReadOnlyAccess` – Update to the existing policy | Updated the `AWSNetworkFirewallReadOnlyAccess` to support describing and listing ProxyRules, ProxyRuleGroups, ProxyConfigurations, Proxies, VpcEndpointAssociation, and describing FirewallMetadata. For policy details, see [AWSNetworkFirewallReadOnlyAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AWSNetworkFirewallReadOnlyAccess$serviceLevelSummary). | January 16, 2026