AWS security-ir documentation change
Summary
Updated service-linked role creation information to clarify automatic creation during console onboarding
Security assessment
The change clarifies when automatic role creation occurs but contains no evidence of fixing a security vulnerability. It's a documentation improvement for setup procedures without security implications.
Diff
diff --git a/security-ir/latest/userguide/setup-monitoring-and-investigation-workflows.md b/security-ir/latest/userguide/setup-monitoring-and-investigation-workflows.md index f9ddc9b53..e106cd9ad 100644 --- a//security-ir/latest/userguide/setup-monitoring-and-investigation-workflows.md +++ b//security-ir/latest/userguide/setup-monitoring-and-investigation-workflows.md @@ -17 +17 @@ AWS Security Incident Response monitors and investigates findings across all cov -_AWS Security Incident Response can't create the service-linked role in the management account. You must create this role manually in the management account. For more information, see the**Important** note in [ Select a membership account](https://docs.aws.amazon.com/security-ir/latest/userguide/select-a-membership-account.html)._ +If you [onboard](./deploy-configure.html) to AWS Security Incident Response in the AWS Management Console, Security Incident Response automatically creates the `AWSServiceRoleForSecurityIncidentResponse_Triage` service-linked role in your AWS Organizations management account and in all accounts that are in scope. If you onboarding using the API/CLI, then you must create the role manually. For more information, see [Enable Security Incident Response and configure your incident response team using the API/CLI](./enable-sir-using-cli.html).