AWS security-ir medium security documentation change
Summary
Added note clarifying that IAM principal requires AdministratorAccess permissions during delegated administrator setup
Security assessment
The change addresses a potential misconfiguration where insufficient IAM permissions (PowerUserAccess) could cause silent enablement failures. This directly impacts security by preventing incomplete security incident response deployments.
Diff
diff --git a/security-ir/latest/userguide/deploy-configure.md b/security-ir/latest/userguide/deploy-configure.md index 24f494a20..d9896a2cd 100644 --- a//security-ir/latest/userguide/deploy-configure.md +++ b//security-ir/latest/userguide/deploy-configure.md @@ -24,0 +25,4 @@ The instructions in this section outline how to enable Security Incident Respons +###### Note + +The IAM principal on the delegated administrator account must have `AdministratorAccess` permissions. If the principal has insufficient permissions (for example, `PowerUserAccess` only), this step fails. The error message might not indicate a permissions issue. +