AWS Security ChangesHomeSearch

AWS compute-optimizer documentation change

Service: compute-optimizer · 2025-04-11 · Documentation medium

File: compute-optimizer/latest/ug/using-encrypted-s3-buckets.md

Summary

Added kms:Decrypt permission to KMS policy example for encrypted S3 buckets

Security assessment

Corrects policy documentation to include required Decrypt permission for proper encryption handling, improving security documentation but not addressing an active vulnerability.

Diff

diff --git a/compute-optimizer/latest/ug/using-encrypted-s3-buckets.md b/compute-optimizer/latest/ug/using-encrypted-s3-buckets.md
index 228fe2884..f79c5a49d 100644
--- a//compute-optimizer/latest/ug/using-encrypted-s3-buckets.md
+++ b//compute-optimizer/latest/ug/using-encrypted-s3-buckets.md
@@ -63 +63,4 @@ Use the following policy if you _didn't enable_ Amazon S3 bucket keys.
-                    "Action": "kms:GenerateDataKey",
+                    "Action": [
+                        "kms:GenerateDataKey",
+                        "kms:Decrypt"
+                    ],