AWS resource-explorer documentation change
Summary
Expanded service-linked role permissions to view additional resource types
Security assessment
Routine permission expansion for service functionality. No security vulnerability addressed, but updates security documentation.
Diff
diff --git a/resource-explorer/latest/userguide/security_iam_awsmanpol.md b/resource-explorer/latest/userguide/security_iam_awsmanpol.md index 0946504de..3cafee76a 100644 --- a//resource-explorer/latest/userguide/security_iam_awsmanpol.md +++ b//resource-explorer/latest/userguide/security_iam_awsmanpol.md @@ -153,0 +154,33 @@ Change | Description | Date +AWSResourceExplorerServiceRolePolicy \- Updated policy permissions to view additional resource types | Resource Explorer modified the permissions in the service-linked role policy AWSResourceExplorerServiceRolePolicy. Permissions were added that allows Resource Explorer to view additional resource types: + + * `auditmanager:ListAssessmentFrameworks` + * `auditmanager:ListControls` + * `cloudhsm:DescribeClusters` + * `cloudtrail:ListTags` + * `connect:ListQueueEmailAddresses` + * `gamelift:ListFleets` + * `gamelift:ListGameServerGroups` + * `iot:ListCustomMetrics` + * `iot:ListDimensions` + * `iot:ListOTAUpdates` + * `iot:ListStreams` + * `iot:ListTunnels` + * `partnercentral:GetBenefitApplication` + * `partnercentral:ListBenefitApplications` + * `partnercentral:ListTagsForResource` + * `quicksight:ListFolders` + * `rbin:ListRules` + * `rbin:ListTagsForResource` + * `rekognition:ListCollections` + * `resiliencehub:ListAppAssessments` + * `s3vectors:GetIndex` + * `s3vectors:GetVectorBucket` + * `s3vectors:ListIndexes` + * `s3vectors:ListVectorBuckets` + * `ses:ListEmailTemplates` + * `swf:ListDomains` + * `vpc-lattice:GetAccessLogSubscription` + * `vpc-lattice:ListAccessLogSubscriptions` + * `vpc-lattice:ListTagsForResource` + +| June 23, 2026