AWS serverlessrepo documentation change
Summary
Added a documentation history entry for new IAM permission controls that block overly permissive policies in published applications.
Security assessment
This documents the addition of security controls in the Serverless Application Repository. It adds security documentation but doesn't indicate a specific security issue was addressed.
Diff
diff --git a/serverlessrepo/latest/devguide/doc-history.md b/serverlessrepo/latest/devguide/doc-history.md index fc19b0b38..d54f12a11 100644 --- a//serverlessrepo/latest/devguide/doc-history.md +++ b//serverlessrepo/latest/devguide/doc-history.md @@ -19,0 +20 @@ Change| Description| Date +IAM permission controls for published applications| AWS Serverless Application Repository now blocks publication of new applications that attach the `AWSLambda_FullAccess` managed policy to Lambda functions, or that grant `iam:AttachRolePolicy`, `iam:PutRolePolicy`, or `iam:*` on all resources in inline IAM policies. For more information, see [Using AWS SAM with the AWS Serverless Application Repository](https://docs.aws.amazon.com/serverlessrepo/latest/devguide/using-aws-sam.html) and [Application Capabilities](https://docs.aws.amazon.com/serverlessrepo/latest/devguide/acknowledging-application-capabilities.html).| April 15, 2026