AWS dms high security documentation change
Summary
Added IAM role permission requirement for KMS key usage in S3 target encryption
Security assessment
Explicitly states required IAM permissions for encryption key access, addressing potential misconfiguration that could lead to unauthorized access
Diff
diff --git a/dms/latest/userguide/CHAP_Target.S3.md b/dms/latest/userguide/CHAP_Target.S3.md index babe4795a..c74c08513 100644 --- a//dms/latest/userguide/CHAP_Target.S3.md +++ b//dms/latest/userguide/CHAP_Target.S3.md @@ -412 +412 @@ You can create and use custom AWS KMS keys to encrypt your Amazon S3 target obje -Here, ``your-KMS-key-ARN`` is the Amazon Resource Name (ARN) for your KMS key. For more information, see Using data encryption, parquet files, and CDC on your Amazon S3 target. +Here, your-``your-KMS-key-ARN`` is the Amazon Resource Name (ARN) for your KMS key and it is required your IAM role has access permissions, see Using data encryption, parquet files, and CDC on your Amazon S3 target.