AWS Security ChangesHomeSearch

AWS inspector documentation change

Service: inspector · 2026-03-31 · Documentation low

File: inspector/latest/user/scanning-ec2.md

Summary

Added clarification that when an IAM instance profile is configured, Amazon Inspector uses that profile and ignores the Default Host Management Configuration role.

Security assessment

This change documents IAM instance profile precedence for security scanning configuration. It helps users understand how Amazon Inspector determines which permissions to use but doesn't address a specific security vulnerability or incident.

Diff

diff --git a/inspector/latest/user/scanning-ec2.md b/inspector/latest/user/scanning-ec2.md
index 08900275e..617a4d07b 100644
--- a//inspector/latest/user/scanning-ec2.md
+++ b//inspector/latest/user/scanning-ec2.md
@@ -80 +80 @@ The following procedure describes how to configure an Amazon EC2 instance as a m
-You can also automate SSM management of all your EC2 instances, without the use of IAM instance profiles using SSM Default Host Management Configuration. For more information, see [Default Host Management Configuration](https://docs.aws.amazon.com/systems-manager/latest/userguide/managed-instances-default-host-management.html).
+You can also automate SSM management of all your EC2 instances, without the use of IAM instance profiles, by using SSM Default Host Management Configuration. For more information, see [Default Host Management Configuration](https://docs.aws.amazon.com/systems-manager/latest/userguide/managed-instances-default-host-management.html). When an IAM instance profile is configured on an instance, Amazon Inspector uses that profile and ignores the Default Host Management Configuration (DHMC) role.