AWS Security ChangesHomeSearch

AWS lambda documentation change

Service: lambda · 2026-04-25 · Documentation low

File: lambda/latest/dg/lambda-managed-instances-operator-role.md

Summary

Added 'ec2:DescribeVpcEncryptionControls' permission to the operator role's IAM policy for Lambda managed instances.

Security assessment

The change adds a new IAM permission that allows Lambda to examine VPC encryption control settings, which is related to security configuration monitoring but does not indicate a specific security vulnerability being fixed. It enhances security documentation by specifying required permissions for encryption controls.

Diff

diff --git a/lambda/latest/dg/lambda-managed-instances-operator-role.md b/lambda/latest/dg/lambda-managed-instances-operator-role.md
index 92c88d7e2..6cd7100db 100644
--- a//lambda/latest/dg/lambda-managed-instances-operator-role.md
+++ b//lambda/latest/dg/lambda-managed-instances-operator-role.md
@@ -62 +62,2 @@ The operator role needs permissions to manage capacity providers and the underly
-            "ec2:DescribeSubnets"
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcEncryptionControls"