AWS Security ChangesHomeSearch

AWS acm documentation change

Service: acm · 2026-07-01 · Documentation low

File: acm/latest/userguide/security-iam-awsmanpol.md

Summary

Added ACME read permissions to AWSCertificateManagerReadOnly policy

Security assessment

Expands IAM permissions for ACME security feature access. Policy update doesn't address specific vulnerability.

Diff

diff --git a/acm/latest/userguide/security-iam-awsmanpol.md b/acm/latest/userguide/security-iam-awsmanpol.md
index 65c5c6208..0ccc119b7 100644
--- a//acm/latest/userguide/security-iam-awsmanpol.md
+++ b//acm/latest/userguide/security-iam-awsmanpol.md
@@ -21 +21 @@ For more information, see [AWS managed policies](https://docs.aws.amazon.com/IAM
-This policy provides read–only access to ACM certificates; it allows users to describe, list, search, and retrieve ACM certificates. 
+This policy provides read–only access to ACM certificates; it allows users to describe, list, search, and retrieve ACM certificates. The policy also includes describe and list permissions for ACME certificate automation resources.
@@ -40,0 +41 @@ Change | Description | Date
+Added ACME read action support to the AWSCertificateManagerReadOnly policy. | The `AWSCertificateManagerReadOnly` policy now includes permission to call the `DescribeAcmeAccount`, `DescribeAcmeDomainValidation`, `DescribeAcmeEndpoint`, `DescribeAcmeExternalAccountBinding`, `ListAcmeAccounts`, `ListAcmeDomainValidations`, `ListAcmeEndpoints`, `ListAcmeExternalAccountBindings`, and `ListTagsForResource` API actions. | June 30, 2026