AWS awscloudtrail documentation change
Summary
Updated UI navigation steps for attaching KMS policy and expanded encryption scope documentation
Security assessment
Changes describe UI workflow updates and expanded encryption coverage to include digest files/event data stores, but do not address specific vulnerabilities or weaknesses
Diff
diff --git a/awscloudtrail/latest/userguide/granting-kms-permissions.md b/awscloudtrail/latest/userguide/granting-kms-permissions.md index 16c29d4a2..6f8cc9e79 100644 --- a//awscloudtrail/latest/userguide/granting-kms-permissions.md +++ b//awscloudtrail/latest/userguide/granting-kms-permissions.md @@ -15 +15 @@ You can grant users permission to create an AWS KMS key with the [`AWSKeyManagem - 3. Choose **Permissions** , and then choose **Attach Policy**. + 3. Choose the **Permissions** tab. @@ -17 +17,3 @@ You can grant users permission to create an AWS KMS key with the [`AWSKeyManagem - 4. Search for **AWSKeyManagementServicePowerUser** , choose the policy, and then choose **Attach policy**. + 4. From the **Add permissions** list, choose **Attach policies**. + + 5. Search for **AWSKeyManagementServicePowerUser** , choose the policy, and then choose **Attach policies**. @@ -30 +32 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Encrypting CloudTrail log files with AWS KMS keys (SSE-KMS) +Encrypting CloudTrail log files, digest files, and event data stores with AWS KMS keys (SSE-KMS)