AWS acm documentation change
Summary
Added ACME read permissions to AWSCertificateManagerReadOnly policy
Security assessment
Expands IAM permissions for ACME security feature access. Policy update doesn't address specific vulnerability.
Diff
diff --git a/acm/latest/userguide/security-iam-awsmanpol.md b/acm/latest/userguide/security-iam-awsmanpol.md index 65c5c6208..0ccc119b7 100644 --- a//acm/latest/userguide/security-iam-awsmanpol.md +++ b//acm/latest/userguide/security-iam-awsmanpol.md @@ -21 +21 @@ For more information, see [AWS managed policies](https://docs.aws.amazon.com/IAM -This policy provides read–only access to ACM certificates; it allows users to describe, list, search, and retrieve ACM certificates. +This policy provides read–only access to ACM certificates; it allows users to describe, list, search, and retrieve ACM certificates. The policy also includes describe and list permissions for ACME certificate automation resources. @@ -40,0 +41 @@ Change | Description | Date +Added ACME read action support to the AWSCertificateManagerReadOnly policy. | The `AWSCertificateManagerReadOnly` policy now includes permission to call the `DescribeAcmeAccount`, `DescribeAcmeDomainValidation`, `DescribeAcmeEndpoint`, `DescribeAcmeExternalAccountBinding`, `ListAcmeAccounts`, `ListAcmeDomainValidations`, `ListAcmeEndpoints`, `ListAcmeExternalAccountBindings`, and `ListTagsForResource` API actions. | June 30, 2026