AWS kms documentation change
Summary
Updated terminology link from 'aws-managed-cmk' to 'aws-managed-key'
Security assessment
Change only fixes a documentation link reference without altering security content
Diff
diff --git a/kms/latest/developerguide/create-grant-overview.md b/kms/latest/developerguide/create-grant-overview.md index 89e78a7a8..6c43c491f 100644 --- a//kms/latest/developerguide/create-grant-overview.md +++ b//kms/latest/developerguide/create-grant-overview.md @@ -164 +164 @@ However, a request like the following from the grantee principal would satisfy t -AWS services often use encryption context constraints in the grants that give them permission to use KMS keys in your AWS account. For example, Amazon DynamoDB uses a grant like the following one to get permission to use the [AWS managed key](./concepts.html#aws-managed-cmk) for DynamoDB in your account. The `EncryptionContextSubset` grant constraint in this grant makes the permissions in the grant effective only when the encryption context in the request includes `"subscriberID": "111122223333"` and `"tableName": "Services"` pairs. This grant constraint means that the grant allows DynamoDB to use the specified KMS key only for a particular table in your AWS account. +AWS services often use encryption context constraints in the grants that give them permission to use KMS keys in your AWS account. For example, Amazon DynamoDB uses a grant like the following one to get permission to use the [AWS managed key](./concepts.html#aws-managed-key) for DynamoDB in your account. The `EncryptionContextSubset` grant constraint in this grant makes the permissions in the grant effective only when the encryption context in the request includes `"subscriberID": "111122223333"` and `"tableName": "Services"` pairs. This grant constraint means that the grant allows DynamoDB to use the specified KMS key only for a particular table in your AWS account.