AWS imagebuilder documentation change
Summary
Added new IAM role creation options for lifecycle policies, including automated console-based role creation.
Security assessment
While the changes involve IAM role management (a security-related feature), there is no evidence of addressing a specific security vulnerability. The updates focus on usability improvements rather than security fixes.
Diff
diff --git a/imagebuilder/latest/userguide/image-lifecycle-prerequisites.md b/imagebuilder/latest/userguide/image-lifecycle-prerequisites.md index ebc231f48..77a7ce063 100644 --- a//imagebuilder/latest/userguide/image-lifecycle-prerequisites.md +++ b//imagebuilder/latest/userguide/image-lifecycle-prerequisites.md @@ -11 +11,7 @@ Before you can define EC2 Image Builder lifecycle management policies and rules - * Create an IAM role that grants permission for Image Builder to run lifecycle policies. To create the role, see Create an IAM role for Image Builder lifecycle management. + * Create an IAM role that grants permission for Image Builder to run lifecycle policies. You can create this role in one of the following ways: + + * Use the **Create lifecycle execution role using service defaults** option in the Image Builder console when creating a lifecycle policy. This automatically creates a role with the `EC2ImageBuilderLifecycleExecutionPolicy` managed policy attached. + + * Use the **Create a new lifecycle execution role** option in the Image Builder console, which opens IAM with pre-filled settings for one-click role creation. + + * Manually create the role in the IAM console. For step-by-step instructions, see Create an IAM role for Image Builder lifecycle management.