AWS amazonq documentation change
Summary
Updated example KMS policy with concrete account ID (111122223333) and region-specific service endpoint
Security assessment
Change improves security documentation clarity by using standard AWS example account ID and explicit service endpoint, but does not address a specific vulnerability. Enhances security best practice examples without fixing a known issue.
Diff
diff --git a/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md b/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md index db2775ed4..e6beda935 100644 --- a//amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md +++ b//amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md @@ -33 +33 @@ JSON - "AWS": "arn:aws:iam::{{awsAccountId}}:role/{{rolename}}" + "AWS": "arn:aws:iam::111122223333:role/{{rolename}}" @@ -47 +47 @@ JSON - "kms:ViaService": "q.{{region}}.amazonaws.com", + "kms:ViaService": "q.us-east-1.amazonaws.com",