AWS Security ChangesHomeSearch

AWS security-ir documentation change

Service: security-ir · 2026-06-28 · Documentation low

File: security-ir/latest/userguide/containment-only-template.md

Summary

Expanded template description to clarify use case, added details about created IAM roles, and listed specific containment actions enabled by the template.

Security assessment

The change enhances documentation about security containment capabilities during incidents, specifically describing IAM roles and isolation mechanisms. While it improves security documentation, there's no evidence of addressing a specific vulnerability.

Diff

diff --git a/security-ir/latest/userguide/containment-only-template.md b/security-ir/latest/userguide/containment-only-template.md
index d5adf55fd..489713514 100644
--- a//security-ir/latest/userguide/containment-only-template.md
+++ b//security-ir/latest/userguide/containment-only-template.md
@@ -9 +9,12 @@
-This template creates the minimum required roles for containment actions. Use this template if you do not require EC2 Triage functionality.
+Use this template if you want the service to isolate compromised resources during an incident but don't need forensic data collection from running instances.
+
+This template creates two IAM roles:
+
+  * `AWSSecurityIncidentResponseContainment` – Assumed by AWS Security Incident Response to initiate containment automation workflows through AWS Systems Manager.
+
+  * `AWSSecurityIncidentResponseContainmentExecution` – Assumed by AWS Systems Manager to execute the containment actions on your resources.
+
+
+
+
+These roles enable three containment actions: isolating Amazon EC2 instances from network traffic, revoking IAM principal access, and restricting Amazon S3 bucket access.
@@ -280 +291 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-CloudFormation templates
+Select a template