AWS Security ChangesHomeSearch

AWS neptune high security documentation change

Service: neptune · 2025-06-19 · Security-related high

File: neptune/latest/userguide/encrypt.md

Summary

Removed root principal access from KMS key policy example and updated policy explanation

Security assessment

Eliminated overly permissive 'arn:aws:iam::123456789012:root' principal with full KMS access, which reduces potential privilege escalation risks. Tightened policy explanations emphasize least privilege.

Diff

diff --git a/neptune/latest/userguide/encrypt.md b/neptune/latest/userguide/encrypt.md
index ca51435b3..593c6670e 100644
--- a//neptune/latest/userguide/encrypt.md
+++ b//neptune/latest/userguide/encrypt.md
@@ -59,9 +58,0 @@ Here is an example of a key policy that includes the necessary permissions:
-        {
-          "Sid": "Enable Permissions for root principal",
-          "Effect": "Allow",
-          "Principal": {
-            "AWS": "arn:aws:iam::123456789012:root"
-          },
-          "Action": "kms:*",
-          "Resource": "*"
-        },
@@ -110,3 +101 @@ Here is an example of a key policy that includes the necessary permissions:
-  * The first statement in this policy is optional. It gives access to the user's root principal.
-
-  * The second statement provides access to all the required AWS KMS APIs for this role, scoped down to the RDS Service Principal.
+  * The first statement provides access to all the required AWS KMS APIs for this role, scoped down to the RDS Service Principal.
@@ -114 +103 @@ Here is an example of a key policy that includes the necessary permissions:
-  * The third statement tightens the security more by enforcing that this key is not usable by this role for any other AWS service.
+  * The second statement tightens the security more by enforcing that this key is not usable by this role for any other AWS service.