AWS directoryservice documentation change
Summary
Updated contractions ('you'll' to 'you will') and clarified KMS key requirements for cross-account secrets access
Security assessment
Language consistency improvements. Existing security guidance about KMS keys remains unchanged - only apostrophe formatting ('can't' vs 'can’t') was corrected. No new security controls added.
Diff
diff --git a/directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md b/directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md index 795ee9e9f..c07a60d03 100644 --- a//directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md +++ b//directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md @@ -9 +9 @@ PrerequisitesStep 1. Create an IAM roleStep 2. Create cross account resource acc -In this procedure, you'll seamlessly join an Amazon EC2 Linux instance to a shared AWS Managed Microsoft AD. To do this, you'll create an AWS Secrets Manager IAM read policy in the EC2 instance role in the account where you wish to launch the EC2 Linux instance. This will be referred to as `Account 2` in this procedure. This instance will be using the AWS Managed Microsoft AD that is being shared from the other account which is referred to as `Account 1`. +In this procedure, you will seamlessly join an Amazon EC2 Linux instance to a shared AWS Managed Microsoft AD. To do this, you will create an AWS Secrets Manager IAM read policy in the EC2 instance role in the account where you wish to launch the EC2 Linux instance. This will be referred to as `Account 2` in this procedure. This instance will be using the AWS Managed Microsoft AD that is being shared from the other account which is referred to as `Account 1`. @@ -13 +13 @@ In this procedure, you'll seamlessly join an Amazon EC2 Linux instance to a shar -Before you can seamlessly join an Amazon EC2 Linux instance to a shared AWS Managed Microsoft AD, you'll need to complete the following: +Before you can seamlessly join an Amazon EC2 Linux instance to a shared AWS Managed Microsoft AD, you will need to complete the following: @@ -24 +24 @@ Before you can seamlessly join an Amazon EC2 Linux instance to a shared AWS Mana -In this step, you'll use the IAM console to create the IAM role that you'll use to domain join your EC2 Linux instance while signed in to `Account 2`. +In this step, you will use the IAM console to create the IAM role that you will use to domain join your EC2 Linux instance while signed in to `Account 2`. @@ -67 +67 @@ To allow users in an account to access AWS Secrets Manager secrets in another ac -This type of access is different than granting access to identities in the same account as the Secrets Manager secret. You must also allow the identity to use [AWS Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) (KMS) key that the secret is encrypted with. This permission is necessary as you can’t use the AWS managed key (`aws/secretsmanager`) for cross-account access. Instead, you'll encrypt your secret with a KMS key that you create, and then attach a key policy to it. To change the encryption key for a secret, see [Modify an AWS Secrets Manager secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_update-secret.html). +This type of access is different than granting access to identities in the same account as the Secrets Manager secret. You must also allow the identity to use [AWS Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) (KMS) key that the secret is encrypted with. This permission is necessary as you can't use the AWS managed key (`aws/secretsmanager`) for cross-account access. Instead, you will encrypt your secret with a KMS key that you create, and then attach a key policy to it. To change the encryption key for a secret, see [Modify an AWS Secrets Manager secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_update-secret.html).