AWS appconfig high security documentation change
Summary
Fixed KMS policy syntax errors and standardized account IDs
Security assessment
Added missing quotes in 'kms:GenerateDataKey' action and corrected account IDs. Syntax errors could have invalidated policies, leading to unintended KMS access.
Diff
diff --git a/appconfig/latest/userguide/appconfig-security.md b/appconfig/latest/userguide/appconfig-security.md index bd5f81f17..70c395869 100644 --- a//appconfig/latest/userguide/appconfig-security.md +++ b//appconfig/latest/userguide/appconfig-security.md @@ -66,0 +67,6 @@ When creating a customer managed key, use the following key policy to ensure tha +JSON + + +**** + + @@ -75 +81 @@ When creating a customer managed key, use the following key policy to ensure tha - "AWS": "arn:aws:iam::account_ID:role/role_name" + "AWS": "arn:aws:iam::111122223333:role/role_name" @@ -83,0 +90,2 @@ When creating a customer managed key, use the following key policy to ensure tha + } + @@ -86,0 +95,6 @@ To encrypt hosted configuration data with a customer managed key, the identity c +JSON + + +**** + + @@ -93 +107 @@ To encrypt hosted configuration data with a customer managed key, the identity c - "Action": "kms:GenerateDataKey, + "Action": "kms:GenerateDataKey", @@ -144,0 +160,6 @@ When calling the AWS AppConfig [GetLatestConfiguration](https://docs.aws.amazon. +JSON + + +**** + + @@ -151 +172 @@ When calling the AWS AppConfig [GetLatestConfiguration](https://docs.aws.amazon. - "Action": "kms:Decrypt, + "Action": "kms:Decrypt",