AWS Security ChangesHomeSearch

AWS resilience-hub documentation change

Service: resilience-hub · 2026-06-19 · Documentation medium

File: resilience-hub/latest/userguide/next-gen-iam-permissions.md

Summary

Added documentation for AWSResilienceHubV2AssessmentExecutionPolicy managed policy and clarified IAM role requirements

Security assessment

Documents a security feature (managed IAM policy) enforcing least-privilege access, but doesn't indicate resolution of a specific vulnerability.

Diff

diff --git a/resilience-hub/latest/userguide/next-gen-iam-permissions.md b/resilience-hub/latest/userguide/next-gen-iam-permissions.md
index 85f0d170d..3f160d4b7 100644
--- a//resilience-hub/latest/userguide/next-gen-iam-permissions.md
+++ b//resilience-hub/latest/userguide/next-gen-iam-permissions.md
@@ -8,0 +9,4 @@
+**AWS managed policy**
+
+You can attach the [AWSResilienceHubV2AssessmentExecutionPolicy](https://docs.aws.amazon.com//resilience-hub/latest/userguide/security-iam-awsmanpol.html#security_iam_aws-v2-assessment-policy) to your IAM identities. While running an assessment, this policy grants read-only access permissions to other AWS services for resilience discovery, assessment, and management.
+
@@ -11 +15 @@
-In order to run an assessment, the next generation of Resilience Hub needs to be able to assume an IAM role with a number of read-only permissions to discover and understand configuration of your AWS resources.
+To run an assessment, the next generation of Resilience Hub must assume an IAM role with read-only permissions. This role discovers and reads the configuration of your AWS resources.