AWS claude-platform documentation change
Summary
Added AnthropicSelfHostedEnvironmentAccess managed policy documentation for self-hosted workers
Security assessment
Documents a new IAM policy with least-privilege permissions for secure access patterns. This is security documentation but doesn't address a specific vulnerability.
Diff
diff --git a/claude-platform/latest/userguide/iam-policies.md b/claude-platform/latest/userguide/iam-policies.md index b84799de7..809cc1fd8 100644 --- a//claude-platform/latest/userguide/iam-policies.md +++ b//claude-platform/latest/userguide/iam-policies.md @@ -166,0 +167,2 @@ AWS provides managed policies for common access patterns: + * **`AnthropicSelfHostedEnvironmentAccess`:** Grants the permissions a self-hosted sandbox worker needs to poll and process environment work items, read the associated environment, session, and skill resources, and update session state. Attach this policy to the IAM role that your self-hosted environment worker assumes. `AnthropicSelfHostedEnvironmentAccess` is the recommended single-role default; if you run the work poller and the per-session sandbox under separate IAM principals, you can split these permissions across two narrower custom policies for least-privilege. +