AWS mgn documentation change
Summary
Added two policy updates: AWSApplicationMigrationReadOnlyAccess now includes ssm:GetParameter permission for exporting post-launch actions, and AWSApplicationMigrationNetworkMigrationMultiAccount adds ec2:DescribeAvailabilityZones permission for resolving AZ mappings.
Security assessment
These are routine permission expansions for operational functionality without evidence of addressing security vulnerabilities. No security weaknesses or incidents are mentioned.
Diff
diff --git a/mgn/latest/ug/security-iam-awsmanpol.md b/mgn/latest/ug/security-iam-awsmanpol.md index 21685e5f7..298d0faf4 100644 --- a//mgn/latest/ug/security-iam-awsmanpol.md +++ b//mgn/latest/ug/security-iam-awsmanpol.md @@ -26,0 +27,2 @@ Change | Description | Date +[AWSApplicationMigrationReadOnlyAccess](./security-iam-awsmanpol-AWSApplicationMigrationReadOnlyAccess.html#security-iam-awsmanpol-AWSApplicationMigrationReadOnlyAccess.title) – Updated policy | Added `ssm:GetParameter` permission to allow exporting post launch actions in the export file. | July 02, 2026 +[AWSApplicationMigrationNetworkMigrationMultiAccount](./security-iam-awsmanpol-AWSApplicationMigrationNetworkMigrationMultiAccount.html#security-iam-awsmanpol-AWSApplicationMigrationNetworkMigrationMultiAccount.title) – Updated policy | Added `ec2:DescribeAvailabilityZones` permission to resolve Availability Zone mappings in target member accounts. | June 28, 2026