AWS elasticbeanstalk documentation change
Summary
Added new required IAM permissions for AI-powered environment analysis feature (Bedrock permissions and Elastic Beanstalk health access)
Security assessment
The change documents required permissions for a new feature but doesn't address a security vulnerability. While IAM permissions relate to security posture, this is feature enablement rather than remediation of a security issue. The documentation addition helps users properly configure security permissions for new functionality.
Diff
diff --git a/elasticbeanstalk/latest/dg/iam-instanceprofile.md b/elasticbeanstalk/latest/dg/iam-instanceprofile.md index 2668f2deb..9d5ba18f1 100644 --- a//elasticbeanstalk/latest/dg/iam-instanceprofile.md +++ b//elasticbeanstalk/latest/dg/iam-instanceprofile.md @@ -64,0 +65,2 @@ To customize permissions, you can add policies to the role attached to the defau +To use the [AI-powered environment analysis](./health-ai-analysis.html) feature, add the `bedrock:InvokeModel`, `bedrock:ListFoundationModels`, `elasticbeanstalk:DescribeEvents`, and `elasticbeanstalk:DescribeEnvironmentHealth` permissions to your instance profile. These permissions allow Elastic Beanstalk to use Amazon Bedrock and access environment data for analyzing logs, events, and instance health. +