AWS compute-optimizer documentation change
Summary
Added kms:Decrypt permission to KMS policy example for encrypted S3 buckets
Security assessment
Corrects policy documentation to include required Decrypt permission for proper encryption handling, improving security documentation but not addressing an active vulnerability.
Diff
diff --git a/compute-optimizer/latest/ug/using-encrypted-s3-buckets.md b/compute-optimizer/latest/ug/using-encrypted-s3-buckets.md index 228fe2884..f79c5a49d 100644 --- a//compute-optimizer/latest/ug/using-encrypted-s3-buckets.md +++ b//compute-optimizer/latest/ug/using-encrypted-s3-buckets.md @@ -63 +63,4 @@ Use the following policy if you _didn't enable_ Amazon S3 bucket keys. - "Action": "kms:GenerateDataKey", + "Action": [ + "kms:GenerateDataKey", + "kms:Decrypt" + ],