AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2026-03-28 · Documentation low

File: guardduty/latest/ug/security-iam-awsmanpol.md

Summary

Added detailed policy statement for cloudtrail:CreateServiceLinkedChannel permission in AmazonGuardDutyServiceRolePolicy

Security assessment

This change provides detailed documentation of a policy update that allows GuardDuty to create service-linked channels for CloudTrail. This enhances GuardDuty's event consumption capabilities but doesn't address a specific security vulnerability. The change adds detailed security policy documentation.

Diff

diff --git a/guardduty/latest/ug/security-iam-awsmanpol.md b/guardduty/latest/ug/security-iam-awsmanpol.md
index 28d95704d..666497b19 100644
--- a//guardduty/latest/ug/security-iam-awsmanpol.md
+++ b//guardduty/latest/ug/security-iam-awsmanpol.md
@@ -109,0 +110,18 @@ Change | Description | Date
+[AmazonGuardDutyServiceRolePolicy](./slr-permissions.html) – Update to an existing policy |  Added the `cloudtrail:CreateServiceLinkedChannel` permission to enable an additional mechanism for consuming AWS CloudTrail events.
+    
+    
+    {
+                                    "Sid": "CloudTrailCreateServiceLinkedChannelSid",
+                                    "Effect": "Allow",
+                                    "Action": [
+                                        "cloudtrail:CreateServiceLinkedChannel"
+                                    ],
+                                    "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/guardduty/*",
+                                    "Condition": {
+                                        "StringEquals": {
+                                            "aws:ResourceAccount": "${aws:PrincipalAccount}"
+                                        }
+                                    }
+                                }
+
+| March 25, 2026