Security hub outgoing permission template

Yannick Mbimbe
January 23, 2026

Hi,

Late last week I started noticing my Terraform build was failing every time I tried to deploy my JSM access role, which was previously working. It's been failing with this error message:

MalformedPolicyDocument: Invalid principal in policy: "AWS":"arn:aws:iam::186683438898:role/jsm-securityhub-app

I notice the jsm-securityhub-app role for this specific AWS account doesn't exist anymore.

The roles for the other 11 Atlassian AWS accounts are still there and still working.

Has 186683438898 been deprecated? If yes, is there a way I can get informed when one of your AWS accounts gets deprecated?

I used this page 
https://support.atlassian.com/jira-service-management-cloud/docs/integrate-with-amazon-security-hub/
to add all those accounts in my infrastructure.

I have removed 186683438898 for now to ensure my build doesn't fail.

Thanks,
Yannick

2 answers

1 accepted

1 vote
Answer accepted
Yannick Mbimbe
January 26, 2026

Hi Marc,

Thanks for getting back to me and for the clarification.

I was under the impression that the AWS accounts referenced in the JSM Security Hub integration documentation were managed by Atlassian. If that’s not the case, I’ll take a different approach and investigate this further on my side.

One follow-up question: does Atlassian maintain an official or up-to-date list of AWS account IDs used for the Security Hub integration? 

Thanks again for your help.

Thanks,
Yannick

Marc -Devoteam-
Community Champion
January 27, 2026

Hi @Yannick Mbimbe 

No, there is no AWS account ID list for the integration; this is based on the Atlassian account(s) used for the integration.

In the integration there must be an account, an API or OAuth mentioned that is used to trigger actions in Jira.

Please accept my answer if it helped solve your question.

Yannick Mbimbe
January 27, 2026

Hi @Marc -Devoteam- 

Thanks again for the clarification. This is useful information.

Thanks,
Yannick

2 votes
Marc -Devoteam-
Community Champion
January 26, 2026

Hi @Yannick Mbimbe 

Welcome to the community.

You will have to reach out to your AWS admins, or you might be one.

This is not related to JSM, it's an AWS issue, related to the role in AWS.

Possible causes:

  1. Non-existent: The IAM role may have been deleted or does not exist in the AWS account. For example, if a role like jsm-securityhub-app is referenced but has been removed, this error will occur.
  2. Incorrect Principal Format: The Principal element in the policy must be correctly formatted. It should include valid ARNs for IAM users or roles, AWS account IDs, or service principals.
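
The failure in the question (IAM rejecting a policy whose Principal names a role ARN that no longer exists) is shown below as an added Terraform example; it is not code from the thread or from Atlassian's documentation. It assumes the failing policy is the trust policy of the JSM access role, and all resource and local names are hypothetical. The second policy document is a swapped-in alternative that names the account as principal and pins the role with an `aws:PrincipalArn` condition.

```hcl
# Added example; resource and local names are hypothetical.
locals {
  # Account ID and role name taken from the error message in the question.
  # Extend the list with the other account IDs from your own configuration.
  integration_account_ids = ["186683438898"]
  integration_role_name   = "jsm-securityhub-app"
  integration_role_arns = [
    for id in local.integration_account_ids :
    "arn:aws:iam::${id}:role/${local.integration_role_name}"
  ]
}

# Fragile form: IAM resolves every role ARN in Principal when the policy is
# saved, so a single deleted role fails the apply with MalformedPolicyDocument.
data "aws_iam_policy_document" "trust_by_role_arn" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = local.integration_role_arns
    }
  }
}

# Tolerant form: account-root principals always resolve, and the condition
# limits which role inside each account is allowed to assume this role.
data "aws_iam_policy_document" "trust_by_account_with_condition" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [for id in local.integration_account_ids : "arn:aws:iam::${id}:root"]
    }
    condition {
      test     = "ArnEquals"
      variable = "aws:PrincipalArn"
      values   = local.integration_role_arns
    }
  }
}

resource "aws_iam_role" "jsm_access" {
  name               = "jsm-access-role" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.trust_by_account_with_condition.json
}
```

The two forms differ in one security-relevant way: a role ARN in Principal is stored as the role's unique ID, so a deleted and recreated role of the same name stops matching, while the condition matches by ARN and would accept the recreated role. An account left in the list is therefore still trusted to create that role name, so drop account IDs the vendor confirms are retired.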
