AWS iot-fleetwise documentation change
Summary
Updated CLI command formatting, parameter name correction (KMS key id → kms_key_id), and added required KMS permissions (Encrypt, ReEncrypt*) in multiple policy examples
Security assessment
The changes add required KMS permissions to policy examples and improve encryption configuration guidance, which enhances security documentation but does not indicate a specific security vulnerability being addressed.
Diff
diff --git a/iot-fleetwise/latest/developerguide/key-management.md b/iot-fleetwise/latest/developerguide/key-management.md index f9503df1f..52b5205fa 100644 --- a//iot-fleetwise/latest/developerguide/key-management.md +++ b//iot-fleetwise/latest/developerguide/key-management.md @@ -82 +82 @@ To enable encryption, run the following command. - * Replace `KMS key id` with the ID of the KMS key. + * Replace `kms_key_id` with the ID of the KMS key. @@ -88 +88,3 @@ To enable encryption, run the following command. - aws iotfleetwise put-encryption-configuration —kms-key-id KMS key id —encryption-type KMS_BASED_ENCRYPTION + aws iotfleetwise put-encryption-configuration \ + --encryption-type KMS_BASED_ENCRYPTION \ + --kms-key-id kms_key_id @@ -112,0 +115 @@ After you create a KMS key, you must, at minimum, add the following statement to + "kms:Encrypt", @@ -113,0 +117 @@ After you create a KMS key, you must, at minimum, add the following statement to + "kms:ReEncrypt*", @@ -137,0 +142 @@ The following policy includes a service principal (an identifier for a service), + "kms:Encrypt", @@ -138,0 +144 @@ The following policy includes a service principal (an identifier for a service), + "kms:ReEncrypt*", @@ -140 +146 @@ The following policy includes a service principal (an identifier for a service), - "kms:DescribeKey", + "kms:DescribeKey" @@ -178,0 +185 @@ If you enabled AWS KMS encryption, you must specify permissions in the role poli + "kms:Encrypt", @@ -179,0 +187 @@ If you enabled AWS KMS encryption, you must specify permissions in the role poli + "kms:ReEncrypt*", @@ -200,0 +209 @@ The following policy statement is required for your role to invoke encryption AP + "kms:Encrypt", @@ -201,0 +211 @@ The following policy statement is required for your role to invoke encryption AP + "kms:ReEncrypt*",