AWS iot-fleetwise medium security documentation change
Summary
Updated KMS policy permissions to include kms:Encrypt and kms:ReEncrypt*, reformatted CLI examples, and fixed JSON syntax.
Security assessment
Added critical KMS permissions required for encryption operations. Missing these permissions could lead to misconfigured encryption-at-rest, making this a security-related documentation improvement to prevent potential vulnerabilities.
Diff
diff --git a/iot-fleetwise/latest/developerguide/encryption-at-rest.md b/iot-fleetwise/latest/developerguide/encryption-at-rest.md index 5acba020b..10733632a 100644 --- a//iot-fleetwise/latest/developerguide/encryption-at-rest.md +++ b//iot-fleetwise/latest/developerguide/encryption-at-rest.md @@ -71,0 +72 @@ The following example policy grants AWS IoT FleetWise permissions to use your AW + "kms:Encrypt", @@ -72,0 +74 @@ The following example policy grants AWS IoT FleetWise permissions to use your AW + "kms:ReEncrypt*", @@ -74 +76 @@ The following example policy grants AWS IoT FleetWise permissions to use your AW - "kms:DescribeKey", + "kms:DescribeKey" @@ -77,0 +80,2 @@ The following example policy grants AWS IoT FleetWise permissions to use your AW + ] + } @@ -106,4 +110,2 @@ Your decoder manifest could be stuck in a validating status if you haven't reset - { - aws iotfleetwise put-encryption-configuration --encryption-type - FLEETWISE_DEFAULT_ENCRYPTION - } + aws iotfleetwise put-encryption-configuration \ + --encryption-type FLEETWISE_DEFAULT_ENCRYPTION @@ -113 +114,0 @@ Your decoder manifest could be stuck in a validating status if you haven't reset - { @@ -115 +116 @@ Your decoder manifest could be stuck in a validating status if you haven't reset - --encryption-type "KMS_BASED_ENCRYPTION" + --encryption-type KMS_BASED_ENCRYPTION \ @@ -117 +117,0 @@ Your decoder manifest could be stuck in a validating status if you haven't reset - }