AWS Security ChangesHomeSearch

AWS tag-editor documentation change

Service: tag-editor · 2025-02-26 · Documentation low

File: tag-editor/latest/userguide/tag-policies-orgs.md

Summary

Added requirement for kms:GenerateDataKey permission when using SSE-KMS encrypted S3 buckets

Security assessment

Documents required security permissions for proper encryption configuration but doesn't address a specific security vulnerability

Diff

diff --git a/tag-editor/latest/userguide/tag-policies-orgs.md
index 250ad1ca5..6f8374e65 100644
--- a/tag-editor/latest/userguide/tag-policies-orgs.md
+++ b/tag-editor/latest/userguide/tag-policies-orgs.md
@@ -102,0 +103,2 @@ Evaluating organization-wide compliance with tag policies requires the following
+If the Amazon S3 bucket where the report is being delivered is encrypted via SSE-KMS, you must also have the `kms:GenerateDataKey` permission for that bucket. 
+