AWS systems-manager documentation change
Summary
Added note about Automation no longer using service-linked roles for CloudWatch monitoring, requiring execution identity permissions
Security assessment
The update documents a security-conscious architecture change (moving from service-linked roles to execution identities) but doesn't indicate remediation of a specific security flaw. It provides guidance for secure configuration practices.
Diff
diff --git a/systems-manager/latest/userguide/using-service-linked-roles.md b/systems-manager/latest/userguide/using-service-linked-roles.md index 4a9fb53ad..5ed1a4a2c 100644 --- a//systems-manager/latest/userguide/using-service-linked-roles.md +++ b//systems-manager/latest/userguide/using-service-linked-roles.md @@ -24,0 +25,4 @@ For information about other services that support service-linked roles, see [AWS +###### Note + +Systems Manager Automation no longer uses the service-linked role for CloudWatch alarm monitoring. This operation now uses your runbook execution identity. Make sure your execution identity has the required permissions. For more information, see [Configuring Automations to monitor CloudWatch Alarms](./automation-cw-alarm-monitoring.html). +