AWS inspector documentation change
Summary
Added clarification that when an IAM instance profile is configured, Amazon Inspector uses that profile and ignores the Default Host Management Configuration role.
Security assessment
This change documents IAM instance profile precedence for security scanning configuration. It helps users understand how Amazon Inspector determines which permissions to use but doesn't address a specific security vulnerability or incident.
Diff
diff --git a/inspector/latest/user/scanning-ec2.md b/inspector/latest/user/scanning-ec2.md index 08900275e..617a4d07b 100644 --- a//inspector/latest/user/scanning-ec2.md +++ b//inspector/latest/user/scanning-ec2.md @@ -80 +80 @@ The following procedure describes how to configure an Amazon EC2 instance as a m -You can also automate SSM management of all your EC2 instances, without the use of IAM instance profiles using SSM Default Host Management Configuration. For more information, see [Default Host Management Configuration](https://docs.aws.amazon.com/systems-manager/latest/userguide/managed-instances-default-host-management.html). +You can also automate SSM management of all your EC2 instances, without the use of IAM instance profiles, by using SSM Default Host Management Configuration. For more information, see [Default Host Management Configuration](https://docs.aws.amazon.com/systems-manager/latest/userguide/managed-instances-default-host-management.html). When an IAM instance profile is configured on an instance, Amazon Inspector uses that profile and ignores the Default Host Management Configuration (DHMC) role.