AWS Security ChangesHomeSearch

AWS awsconsolehelpdocs documentation change

Service: awsconsolehelpdocs · 2026-02-22 · Documentation medium

File: awsconsolehelpdocs/latest/gsg/troubleshooting.md

Summary

Added guidance for dual-stack domains in IAM policies, recommending both IPv4/IPv6 CIDR blocks in aws:SourceIp conditions

Security assessment

The change documents security best practices for access control in dual-stack environments. While not fixing a specific vulnerability, it proactively addresses potential misconfigurations that could cause access denials, enhancing security posture documentation.

Diff

diff --git a/awsconsolehelpdocs/latest/gsg/troubleshooting.md b/awsconsolehelpdocs/latest/gsg/troubleshooting.md
index efd390021..1bc99d116 100644
--- a//awsconsolehelpdocs/latest/gsg/troubleshooting.md
+++ b//awsconsolehelpdocs/latest/gsg/troubleshooting.md
@@ -73,0 +74,2 @@ We recommend you review the IAM policies that contain the `aws:SourceIp` or `aws
+Some AWS Management Console features use dual-stack domains that support both IPv4 and IPv6 connections. If your IAM policy restricts access using `aws:SourceIp` with only IPv4 CIDR blocks, requests might fail when your operating system prefers IPv6 connections (or vice versa). To avoid this, include both IPv4 and IPv6 CIDR blocks in your `aws:SourceIp` condition. For more information, see [aws:SourceIp](https://docs.aws.amazon.com//IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceip) in the _AWS Identity and Access Management User Guide_.
+