AWS Security ChangesHomeSearch

AWS transform documentation change

Service: transform · 2026-04-16 · Documentation low

File: transform/latest/userguide/security-iam-awsmanpol.md

Summary

Added documentation about an update to the AWSTransformCustomFullAccess policy to include permission to create a service-linked role for CloudWatch metrics emission, with a table entry and detailed description.

Security assessment

This change documents an update to a managed IAM policy to include permissions for creating a service-linked role required for CloudWatch metrics. This is a routine policy update to enable monitoring functionality, not addressing a security vulnerability. It adds security documentation about IAM policy changes.

Diff

diff --git a/transform/latest/userguide/security-iam-awsmanpol.md b/transform/latest/userguide/security-iam-awsmanpol.md
index 321dbe99c..740ce5ee4 100644
--- a//transform/latest/userguide/security-iam-awsmanpol.md
+++ b//transform/latest/userguide/security-iam-awsmanpol.md
@@ -0,0 +1,2 @@
+[View a markdown version of this page](security-iam-awsmanpol.md)
+
@@ -22,0 +25 @@ Change | Description | Date
+AWSTransformCustomFullAccess – Updated policy |  Added permission to create the AWS Transform custom service-linked role (`AWSServiceRoleForAWSTransformCustom`) to enable CloudWatch metrics emission to customer accounts. | April 7, 2026  
@@ -124,0 +128,2 @@ This policy includes the following permissions:
+  * **AWS Identity and Access Management (IAM)** – Allows creating the AWS Transform custom [service-linked role](./using-service-linked-roles.html#using-service-linked-roles-custom) (`AWSServiceRoleForAWSTransformCustom`). This role is required for AWS Transform custom to emit CloudWatch metrics to your account. The permission is scoped to only allow creating this specific service-linked role.
+