AWS AmazonCloudWatch medium security documentation change
Summary
Fixed syntax in KMS key policy and IAM policy examples by adding a missing comma after 'kms:GenerateDataKey*'
Security assessment
The missing comma could cause policy syntax errors, potentially preventing proper encryption of log data. Correcting this ensures KMS encryption works as intended, addressing a security risk of unencrypted logs.
Diff
diff --git a/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.md b/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.md index ff90ea26c..cb67809a3 100644 --- a//AmazonCloudWatch/latest/logs/encrypt-log-data-kms.md +++ b//AmazonCloudWatch/latest/logs/encrypt-log-data-kms.md @@ -172 +172 @@ To add permissions in the AWS KMS Key Policy, add the following additional state - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", @@ -199,2 +199 @@ Alternatively if you would like to manage role permissions in IAM, you can add e - "kms:GenerateDataKey* - ", + "kms:GenerateDataKey*",