AWS acm documentation change
Summary
Removed 'search' from the list of allowed actions in the AWSCertificateManagerReadOnly policy description and removed a changelog entry about SearchCertificates support.
Security assessment
The change removes the 'SearchCertificates' permission from the documented capabilities of the read-only policy, which is a reduction of permissions. However, there is no evidence in the diff that this change addresses a specific security vulnerability or incident; it appears to be a routine documentation correction or policy update.
Diff
diff --git a/acm/latest/userguide/security-iam-awsmanpol.md b/acm/latest/userguide/security-iam-awsmanpol.md index d1bddb1ec..a92d61da4 100644 --- a//acm/latest/userguide/security-iam-awsmanpol.md +++ b//acm/latest/userguide/security-iam-awsmanpol.md @@ -19 +19 @@ For more information, see [AWS managed policies](https://docs.aws.amazon.com/IAM -This policy provides read–only access to ACM certificates; it allows users to describe, list, search, and retrieve ACM certificates. +This policy provides read–only access to ACM certificates; it allows users to describe, list, and retrieve ACM certificates. @@ -39 +38,0 @@ Change | Description | Date -Added `SearchCertificates` support to the AWSCertificateManagerReadOnly policy. | The `AWSCertificateManagerReadOnly` policy now includes permission to call the `SearchCertificates` API action. | March 31, 2026