AWS systems-manager high security documentation change
Summary
Removed note about requiring KMS key permissions for encrypted EBS volumes when using Resource Scheduler to start instances.
Security assessment
Omission of KMS permissions guidance could lead to misconfigured IAM roles, preventing Resource Scheduler from starting instances with encrypted volumes. This impacts security posture by potentially causing operational failures and access issues.
Diff
diff --git a/systems-manager/latest/userguide/quick-setup-scheduler.md b/systems-manager/latest/userguide/quick-setup-scheduler.md index e6f7c7238..da2f6cba7 100644 --- a/systems-manager/latest/userguide/quick-setup-scheduler.md +++ b/systems-manager/latest/userguide/quick-setup-scheduler.md @@ -13 +13 @@ For example, you currently might leave your instances running constantly, even t -Using Resource Scheduler, you can choose to automatically stop and start instances across multiple AWS Regions and AWS accounts according to a schedule you define. The Quick Setup configuration targets Amazon EC2 instances using the tag key and value that you specify. Only the instances with a tag matching the value that you specify in your configuration are stopped or started by Resource Scheduler. Note that if the Amazon EBS volumes attached to the instance are encrypted, you must add the required permissions for the AWS KMS key to the IAM role for Resource Scheduler to start the instance. +Using Resource Scheduler, you can choose to automatically stop and start instances across multiple AWS Regions and AWS accounts according to a schedule you define. The Quick Setup configuration targets Amazon EC2 instances using the tag key and value that you specify. Only the instances with a tag matching the value that you specify in your configuration are stopped or started by Resource Scheduler.