AWS AmazonS3 documentation change
Summary
Removed KMS key policy example for SSE-KMS encrypted tables maintenance access
Security assessment
Deletion of KMS policy template removes encryption configuration guidance but doesn't address a specific security vulnerability. Impacts documentation completeness rather than security posture.
Diff
diff --git a/AmazonS3/latest/userguide/s3-tables-kms-permissions.md b/AmazonS3/latest/userguide/s3-tables-kms-permissions.md index 30343e078..31d02b986 100644 --- a//AmazonS3/latest/userguide/s3-tables-kms-permissions.md +++ b//AmazonS3/latest/userguide/s3-tables-kms-permissions.md @@ -68,31 +67,0 @@ To grant maintenance access on SSE-KMS encrypted tables, you can use the followi -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "EnableKeyUsage", - "Effect": "Allow", - "Principal": { - "Service": "maintenance.s3tables.amazonaws.com" - }, - "Action": [ - "kms:GenerateDataKey", - "kms:Decrypt" - ], - "Resource": "arn:aws:kms:aws-region:111122223333:key/key-id", - "Condition": { - "StringLike": { - "kms:EncryptionContext:aws:s3:arn":"<table-or-table-bucket-arn>/*" - } - } - } - ] - } - -