AWS Security ChangesHomeSearch

AWS AWSSimpleQueueService documentation change

Service: AWSSimpleQueueService · 2025-02-27 · Documentation low

File: AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-lambda-function-trigger.md

Summary

Clarified language about adding kms:Decrypt permission for Lambda functions accessing encrypted queues

Security assessment

The change improves clarity but does not address a specific security issue or add new security documentation

Diff

diff --git a/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-lambda-function-trigger.md
index fc5d38c4c..c53ad3b66 100644
--- a/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-lambda-function-trigger.md
+++ b/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-lambda-function-trigger.md
@@ -29 +29 @@ A Lambda function can process multiple queues by creating a separate event sourc
-If Lambda does not poll messages from an encrypted queue, add the `kms:Decrypt` permission to the Lambda execution role.
+If you associate an encrypted queue with a Lambda function but Lambda doesn't poll for messages, add the `kms:Decrypt` permission to your Lambda execution role.