AWS Security ChangesHomeSearch

AWS AWSCloudFormation medium security documentation change

Service: AWSCloudFormation · 2025-04-11 · Security-related medium

File: AWSCloudFormation/latest/UserGuide/fas-requests-and-permission-evaluation.md

Summary

Modified example IAM policy to restrict action from wildcard (*) to specific kms:CreateKey permission

Security assessment

Demonstrates security best practice by enforcing least privilege access in policy examples

Diff

diff --git a/AWSCloudFormation/latest/UserGuide/fas-requests-and-permission-evaluation.md b/AWSCloudFormation/latest/UserGuide/fas-requests-and-permission-evaluation.md
index cde92c4c6..4b88524c8 100644
--- a//AWSCloudFormation/latest/UserGuide/fas-requests-and-permission-evaluation.md
+++ b//AWSCloudFormation/latest/UserGuide/fas-requests-and-permission-evaluation.md
@@ -23 +23 @@ Consider the following IAM policy. `Statement2` will consistently prevent the cr
-                    "*"
+                    "kms:CreateKey"