AWS Security ChangesHomeSearch

AWS msk documentation change

Service: msk · 2026-07-01 · Documentation low

File: msk/latest/developerguide/msk-replicator-ser.md

Summary

Replaced content about restricting Kafka permissions with information about throughput quotas when reusing service execution roles across MSK Replicators.

Security assessment

The change discusses resource quotas and role management rather than addressing security vulnerabilities. No security weaknesses or incidents are mentioned.

Diff

diff --git a/msk/latest/developerguide/msk-replicator-ser.md b/msk/latest/developerguide/msk-replicator-ser.md
index d681eeb86..0f621e185 100644
--- a//msk/latest/developerguide/msk-replicator-ser.md
+++ b//msk/latest/developerguide/msk-replicator-ser.md
@@ -33 +33 @@ The service execution role must have a trust policy that allows the `kafka.amazo
-If you want to restrict `kafka-cluster:WriteData` permission, refer to the _Create authorization policies_ section of [How IAM access control for Amazon MSK works](https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html#how-to-use-iam-access-control). You need to add `kafka-cluster:WriteDataIdempotently` permission to both the source and target cluster.
+If you reuse a service execution role between multiple MSK Replicators, they share the same Kafka per-principal throughput quotas (bytes per second and request rate). If you want to maintain separate throughput quotas per Replicator, use separate service execution roles.
@@ -35 +35 @@ If you want to restrict `kafka-cluster:WriteData` permission, refer to the _Crea
-If you reuse a service execution role between multiple MSK Replicators, they are all subject to the same Kafka quotas. If you want to maintain separate quotas per Replicator, use separate service execution roles.
+For more information about the permissions that the service execution role requires for each replicator feature, see [Service execution role permissions reference](./msk-replicator-permissions-reference.html).