AWS AWSSimpleQueueService documentation change
Summary
Clarified language about adding kms:Decrypt permission for Lambda functions accessing encrypted queues
Security assessment
The change improves clarity but does not address a specific security issue or add new security documentation
Diff
diff --git a/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-lambda-function-trigger.md index fc5d38c4c..c53ad3b66 100644 --- a/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-lambda-function-trigger.md +++ b/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-lambda-function-trigger.md @@ -29 +29 @@ A Lambda function can process multiple queues by creating a separate event sourc -If Lambda does not poll messages from an encrypted queue, add the `kms:Decrypt` permission to the Lambda execution role. +If you associate an encrypted queue with a Lambda function but Lambda doesn't poll for messages, add the `kms:Decrypt` permission to your Lambda execution role.