AWS r53recovery medium security documentation change
Summary
Added note about iam:PassRole requirement for manual approval roles
Security assessment
Reinforces IAM security control by mandating PassRole permission, preventing unauthorized role assumption which could lead to approval process compromise.
Diff
diff --git a/r53recovery/latest/dg/security_iam_region_switch_manual_approval.md b/r53recovery/latest/dg/security_iam_region_switch_manual_approval.md index 2ff931d98..03acec90b 100644 --- a//r53recovery/latest/dg/security_iam_region_switch_manual_approval.md +++ b//r53recovery/latest/dg/security_iam_region_switch_manual_approval.md @@ -31,0 +32,4 @@ JSON +###### Note + +In addition to this IAM policy, the role used to create or update a plan with a manual approval execution block requires `iam:PassRole` permission for the manual approval role. +