AWS Security ChangesHomeSearch

AWS devopsagent documentation change

Service: devopsagent · 2026-06-04 · Documentation medium

File: devopsagent/latest/userguide/aws-devops-agent-security-limiting-agent-access-in-an-aws-account.md

Summary

Added required IAM permissions for Athena, Glue, and KMS services

Security assessment

Documents necessary permissions for secure access control, including sensitive KMS:Decrypt action for encrypted resources.

Diff

diff --git a/devopsagent/latest/userguide/aws-devops-agent-security-limiting-agent-access-in-an-aws-account.md b/devopsagent/latest/userguide/aws-devops-agent-security-limiting-agent-access-in-an-aws-account.md
index e4bb59f19..7551a10ce 100644
--- a//devopsagent/latest/userguide/aws-devops-agent-security-limiting-agent-access-in-an-aws-account.md
+++ b//devopsagent/latest/userguide/aws-devops-agent-security-limiting-agent-access-in-an-aws-account.md
@@ -78,0 +79 @@ Service | Actions | Use case
+Amazon Athena | `athena:GetQuery*`, `athena:StartQueryExecution`, `athena:StopQueryExecution` | Run Athena queries against your data catalog and retrieve managed query results  
@@ -80,0 +82,2 @@ AWS Direct Connect | `directconnect:DescribeConnections`, `directconnect:Describ
+AWS Glue | `glue:GetPartitions` | Read partition metadata from the Glue Data Catalog for Athena queries  
+AWS KMS | `kms:Decrypt` | Decrypt encrypted resources such as S3 objects