AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2026-01-25 · Documentation medium

File: AmazonECS/latest/developerguide/security-iam-awsmanpol.md

Summary

Added documentation for new 'ssmmessages:OpenDataChannel' IAM permission and updated Elastic Load Balancing terminology

Security assessment

Added permission (ssmmessages:OpenDataChannel) enables ECS Exec sessions, which is a security feature for secure command execution in containers. The terminology update (ELB → Elastic Load Balancing) has no security impact. Documentation explicitly describes the security feature but doesn't address a vulnerability.

Diff

diff --git a/AmazonECS/latest/developerguide/security-iam-awsmanpol.md b/AmazonECS/latest/developerguide/security-iam-awsmanpol.md
index 228257a1f..825fbc88e 100644
--- a//AmazonECS/latest/developerguide/security-iam-awsmanpol.md
+++ b//AmazonECS/latest/developerguide/security-iam-awsmanpol.md
@@ -232,0 +233 @@ Change | Description | Date
+Add permissions to [AmazonECSServiceRolePolicy](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonECSServiceRolePolicy). | The `AmazonECSServiceRolePolicy` managed IAM policy was updated to include the `ssmmessages:OpenDataChannel` permission. This permission allows Amazon ECS to open data channels for ECS Exec sessions. | January 20, 2026  
@@ -260 +261 @@ Add permissions to [AmazonEC2ContainerServiceforEC2Role](https://docs.aws.amazon
-Add permissions to AmazonECS_FullAccess | The `AmazonECS_FullAccess` policy was modified to add the `elasticloadbalancing:AddTags` permission, which includes a condition that limits the permission only to newly created load balancers, target groups, rules, and listeners created. This permission doesn't allow tags to be added to any already created ELB resources. | January 4, 2023  
+Add permissions to AmazonECS_FullAccess | The `AmazonECS_FullAccess` policy was modified to add the `elasticloadbalancing:AddTags` permission, which includes a condition that limits the permission only to newly created load balancers, target groups, rules, and listeners created. This permission doesn't allow tags to be added to any already created Elastic Load Balancing resources. | January 4, 2023