AWS kms documentation change
Summary
Updated terminology links from 'aws-owned-cmk'/'customer-cmk' to 'aws-owned-key'/'customer-mgn-key' anchors
Security assessment
Change updates documentation links to concept anchors but maintains the same security guidance about least privilege key policies. No evidence of addressing vulnerabilities or changing security practices.
Diff
diff --git a/kms/latest/developerguide/key-policy-services.md b/kms/latest/developerguide/key-policy-services.md index 325c92a36..1c3f6c80a 100644 --- a//kms/latest/developerguide/key-policy-services.md +++ b//kms/latest/developerguide/key-policy-services.md @@ -7 +7 @@ -Many AWS services use AWS KMS keys to protect the resources they manage. When a service uses [AWS owned keys](./concepts.html#aws-owned-cmk) or [AWS managed keys](./concepts.html#aws-managed-cmk), the service establishes and maintains the key policies for these KMS keys. +Many AWS services use AWS KMS keys to protect the resources they manage. When a service uses [AWS owned keys](./concepts.html#aws-owned-key) or [AWS managed keys](./concepts.html#aws-managed-key), the service establishes and maintains the key policies for these KMS keys. @@ -9 +9 @@ Many AWS services use AWS KMS keys to protect the resources they manage. When a -However, when you use a [customer managed key](./concepts.html#customer-cmk) with an AWS service, you set and maintain the key policy. That key policy must allow the service the minimum permissions that it requires to protect the resource on your behalf. We recommend that you follow the principle of least privilege: give the service only the permissions that it requires. You can do this effectively by learning which permissions the service needs and using [AWS global condition keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) and [AWS KMS condition keys](./policy-conditions.html) to refine the permissions. +However, when you use a [customer managed key](./concepts.html#customer-mgn-key) with an AWS service, you set and maintain the key policy. That key policy must allow the service the minimum permissions that it requires to protect the resource on your behalf. We recommend that you follow the principle of least privilege: give the service only the permissions that it requires. You can do this effectively by learning which permissions the service needs and using [AWS global condition keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html) and [AWS KMS condition keys](./policy-conditions.html) to refine the permissions.