AWS transform documentation change
Summary
Added documentation about an update to the AWSTransformCustomFullAccess policy to include permission to create a service-linked role for CloudWatch metrics emission, with a table entry and detailed description.
Security assessment
This change documents an update to a managed IAM policy to include permissions for creating a service-linked role required for CloudWatch metrics. This is a routine policy update to enable monitoring functionality, not addressing a security vulnerability. It adds security documentation about IAM policy changes.
Diff
diff --git a/transform/latest/userguide/security-iam-awsmanpol.md b/transform/latest/userguide/security-iam-awsmanpol.md index 321dbe99c..740ce5ee4 100644 --- a//transform/latest/userguide/security-iam-awsmanpol.md +++ b//transform/latest/userguide/security-iam-awsmanpol.md @@ -0,0 +1,2 @@ +[View a markdown version of this page](security-iam-awsmanpol.md) + @@ -22,0 +25 @@ Change | Description | Date +AWSTransformCustomFullAccess – Updated policy | Added permission to create the AWS Transform custom service-linked role (`AWSServiceRoleForAWSTransformCustom`) to enable CloudWatch metrics emission to customer accounts. | April 7, 2026 @@ -124,0 +128,2 @@ This policy includes the following permissions: + * **AWS Identity and Access Management (IAM)** – Allows creating the AWS Transform custom [service-linked role](./using-service-linked-roles.html#using-service-linked-roles-custom) (`AWSServiceRoleForAWSTransformCustom`). This role is required for AWS Transform custom to emit CloudWatch metrics to your account. The permission is scoped to only allow creating this specific service-linked role. +