AWS Security ChangesHomeSearch

AWS eventbridge documentation change

Service: eventbridge · 2025-03-02 · Documentation low

File: eventbridge/latest/userguide/eb-encryption-pipes-cmkey.md

Summary

Reorganized KMS key permissions and added specific role-based permissions for pipe execution

Security assessment

The changes improve security documentation by clarifying role-based permissions but don't address a specific security issue

Diff

diff --git a/eventbridge/latest/userguide/eb-encryption-pipes-cmkey.md
index 033e77aa9..a8ca164ce 100644
--- a/eventbridge/latest/userguide/eb-encryption-pipes-cmkey.md
+++ b/eventbridge/latest/userguide/eb-encryption-pipes-cmkey.md
@@ -66,2 +65,0 @@ As a security best practice, we recommend you include condition keys in the key
-            "kms:GenerateDataKey",
-            "kms:Decrypt",
@@ -69,0 +68,11 @@ As a security best practice, we recommend you include condition keys in the key
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Principal": {
+            "AWS": "arn:aws:iam::account-id:role/pipe-execution-role"
+          },
+          "Action": [
+            "kms:GenerateDataKey",
+            "kms:Decrypt"
+          ],