AWS amazonq documentation change
Summary
Removed KMS policy example related to encryption context configuration.
Security assessment
Removal of policy example does not directly address a security flaw. KMS documentation changes lack explicit security context or vulnerability fixes.
Diff
diff --git a/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md b/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md index 41c045431..7087d1c72 100644 --- a//amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md +++ b//amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md @@ -19,37 +18,0 @@ With KMS encryption context, you have an optional set of key-value pairs that ca -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Sid0", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::111122223333:role/rolename" - }, - "Action": [ - "kms:GenerateDataKeyWithoutPlaintext", - "kms:Decrypt", - "kms:ReEncryptFrom", - "kms:ReEncryptTo", - "kms:GenerateDataKey", - "kms:Encrypt", - "kms:DescribeKey" - ], - "Resource": "*", - "Condition": { - "StringEquals": { - "kms:ViaService": "q.us-east-1.amazonaws.com", - "kms:EncryptionContext:aws-crypto-ec:aws:qdeveloper:accountId": "accountId" - } - } - } - ] - } - -