AWS Security ChangesHomeSearch

AWS security-ir medium security documentation change

Service: security-ir · 2026-06-22 · Security-related medium

File: security-ir/latest/userguide/deploy-configure.md

Summary

Added note clarifying that IAM principal requires AdministratorAccess permissions during delegated administrator setup

Security assessment

The change addresses a potential misconfiguration where insufficient IAM permissions (PowerUserAccess) could cause silent enablement failures. This directly impacts security by preventing incomplete security incident response deployments.

Diff

diff --git a/security-ir/latest/userguide/deploy-configure.md b/security-ir/latest/userguide/deploy-configure.md
index 24f494a20..d9896a2cd 100644
--- a//security-ir/latest/userguide/deploy-configure.md
+++ b//security-ir/latest/userguide/deploy-configure.md
@@ -24,0 +25,4 @@ The instructions in this section outline how to enable Security Incident Respons
+###### Note
+
+The IAM principal on the delegated administrator account must have `AdministratorAccess` permissions. If the principal has insufficient permissions (for example, `PowerUserAccess` only), this step fails. The error message might not indicate a permissions issue.
+