AWS imagebuilder documentation change
Summary
Removed example IAM policies for KMS key access
Security assessment
Policy examples removal doesn't indicate security fixes but rather content reorganization. No evidence of security vulnerability being addressed.
Diff
diff --git a/imagebuilder/latest/userguide/data-protection.md b/imagebuilder/latest/userguide/data-protection.md index 1d1a52be9..23d31e118 100644 --- a//imagebuilder/latest/userguide/data-protection.md +++ b//imagebuilder/latest/userguide/data-protection.md @@ -66,34 +65,0 @@ For more information about customer managed keys, see [ Managing access to custo - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Allow access to build images with encrypted workflow", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::111122223333:role/YourImageBuilderExecutionRole" - }, - "Action": [ - "kms:Decrypt", - "kms:GenerateDataKey" - ], - "Resource": "*", - "Condition": { - "StringLike": { - "kms:EncryptionContext:aws:imagebuilder:arn": "arn:aws:imagebuilder:*:111122223333:workflow/*" - } - } - }, - { - "Sid": "Allow access for key administrators", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::111122223333:root" - }, - "Action": [ - "kms:*" - ], - "Resource": "arn:aws:kms:*:111122223333:key/" - } - ] - } - @@ -107,20 +72,0 @@ Edit the policy for your workflow execution role to add the following policy sta - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Allow access to the workflow key", - "Effect": "Allow", - "Action": [ - "kms:Decrypt", - "kms:GenerateDataKey" - ], - "Resource": "arn:aws:kms:us-west-2:111122223333:key/key_ID", - "Condition": { - "StringLike": { - "kms:EncryptionContext:aws:imagebuilder:arn": "arn:aws:imagebuilder:*:111122223333:workflow/*" - } - } - } - ] - } -