AWS Security ChangesHomeSearch

AWS iot-device-defender documentation change

Service: iot-device-defender · 2026-02-16 · Documentation low

File: iot-device-defender/latest/devguide/dd-mitigation-actions.md

Summary

Added JSON example policy for IoT logging mitigation action requiring iot:SetV2LoggingOptions and iam:PassRole permissions

Security assessment

Documents required IAM permissions for a security feature (logging mitigation), but doesn't address any specific vulnerability. Shows proper implementation of security controls.

Diff

diff --git a/iot-device-defender/latest/devguide/dd-mitigation-actions.md b/iot-device-defender/latest/devguide/dd-mitigation-actions.md
index f4231addc..42d35417a 100644
--- a//iot-device-defender/latest/devguide/dd-mitigation-actions.md
+++ b//iot-device-defender/latest/devguide/dd-mitigation-actions.md
@@ -489,0 +490,29 @@ ENABLE_IOT_LOGGING |
+
+JSON
+    
+
+****
+    
+    
+    
+    {
+      "Version":"2012-10-17",		 	 	 
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "iot:SetV2LoggingOptions"
+          ],
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "iam:PassRole"
+          ],
+          "Resource": "arn:aws:iam::123456789012:role/IoTLoggingRole"
+        }
+      ]
+    }
+      
+