AWS resilience-hub documentation change
Summary
Added documentation for AWSResilienceHubV2AssessmentExecutionPolicy managed policy and clarified IAM role requirements
Security assessment
Documents a security feature (managed IAM policy) enforcing least-privilege access, but doesn't indicate resolution of a specific vulnerability.
Diff
diff --git a/resilience-hub/latest/userguide/next-gen-iam-permissions.md b/resilience-hub/latest/userguide/next-gen-iam-permissions.md index 85f0d170d..3f160d4b7 100644 --- a//resilience-hub/latest/userguide/next-gen-iam-permissions.md +++ b//resilience-hub/latest/userguide/next-gen-iam-permissions.md @@ -8,0 +9,4 @@ +**AWS managed policy** + +You can attach the [AWSResilienceHubV2AssessmentExecutionPolicy](https://docs.aws.amazon.com//resilience-hub/latest/userguide/security-iam-awsmanpol.html#security_iam_aws-v2-assessment-policy) to your IAM identities. While running an assessment, this policy grants read-only access permissions to other AWS services for resilience discovery, assessment, and management. + @@ -11 +15 @@ -In order to run an assessment, the next generation of Resilience Hub needs to be able to assume an IAM role with a number of read-only permissions to discover and understand configuration of your AWS resources. +To run an assessment, the next generation of Resilience Hub must assume an IAM role with read-only permissions. This role discovers and reads the configuration of your AWS resources.