AWS Security ChangesHomeSearch

AWS elasticbeanstalk documentation change

Service: elasticbeanstalk · 2026-03-07 · Documentation medium

File: elasticbeanstalk/latest/dg/iam-instanceprofile.md

Summary

Added new required IAM permissions for AI-powered environment analysis feature (Bedrock permissions and Elastic Beanstalk health access)

Security assessment

The change documents required permissions for a new feature but doesn't address a security vulnerability. While IAM permissions relate to security posture, this is feature enablement rather than remediation of a security issue. The documentation addition helps users properly configure security permissions for new functionality.

Diff

diff --git a/elasticbeanstalk/latest/dg/iam-instanceprofile.md b/elasticbeanstalk/latest/dg/iam-instanceprofile.md
index 2668f2deb..9d5ba18f1 100644
--- a//elasticbeanstalk/latest/dg/iam-instanceprofile.md
+++ b//elasticbeanstalk/latest/dg/iam-instanceprofile.md
@@ -64,0 +65,2 @@ To customize permissions, you can add policies to the role attached to the defau
+To use the [AI-powered environment analysis](./health-ai-analysis.html) feature, add the `bedrock:InvokeModel`, `bedrock:ListFoundationModels`, `elasticbeanstalk:DescribeEvents`, and `elasticbeanstalk:DescribeEnvironmentHealth` permissions to your instance profile. These permissions allow Elastic Beanstalk to use Amazon Bedrock and access environment data for analyzing logs, events, and instance health.
+