AWS Security ChangesHomeSearch

AWS msk medium security documentation change

Service: msk · 2026-02-25 · Security-related medium

File: msk/latest/developerguide/doc-history.md

Summary

Added service-linked role policy update for IPv6 connectivity support, including new EC2 permissions (AssignIpv6Addresses, UnassignIpv6Addresses, ModifyNetworkInterfaceAttribute).

Security assessment

The policy update explicitly adds new IAM permissions required for IPv6 networking. IAM policy modifications directly impact security posture by controlling resource access. The change documents security-relevant permissions needed for new network functionality.

Diff

diff --git a/msk/latest/developerguide/doc-history.md b/msk/latest/developerguide/doc-history.md
index 7b6f07063..34c65eb8f 100644
--- a//msk/latest/developerguide/doc-history.md
+++ b//msk/latest/developerguide/doc-history.md
@@ -12,0 +13 @@ Change | Description | Date
+Service-linked role policy update for IPv6 connectivity | Amazon MSK updated the KafkaServiceRolePolicy to add IPv6 connectivity support. The policy now includes `ec2:AssignIpv6Addresses`, `ec2:UnassignIpv6Addresses`, and `ec2:ModifyNetworkInterfaceAttribute` permissions to enable IPv6 connectivity for MSK clusters. For more information, see [KafkaServiceRolePolicy](https://docs.aws.amazon.com/msk/latest/developerguide/security-iam-awsmanpol.html#security-iam-awsmanpol-KafkaServiceRolePolicy). | 2025-11-17