AWS Security ChangesHomeSearch

AWS amazonq documentation change

Service: amazonq · 2025-08-28 · Documentation low

File: amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md

Summary

Removed KMS policy example related to encryption context configuration.

Security assessment

Removal of policy example does not directly address a security flaw. KMS documentation changes lack explicit security context or vulnerability fixes.

Diff

diff --git a/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md b/amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md
index 41c045431..7087d1c72 100644
--- a//amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md
+++ b//amazonq/latest/qdeveloper-ug/security_iam_manage-access-with-kms-policies.md
@@ -19,37 +18,0 @@ With KMS encryption context, you have an optional set of key-value pairs that ca
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid": "Sid0",
-                "Effect": "Allow",
-                "Principal": {
-                    "AWS": "arn:aws:iam::111122223333:role/rolename"
-                },
-                "Action": [
-                    "kms:GenerateDataKeyWithoutPlaintext",
-                    "kms:Decrypt",
-                    "kms:ReEncryptFrom",
-                    "kms:ReEncryptTo",
-                    "kms:GenerateDataKey",
-                    "kms:Encrypt",
-                    "kms:DescribeKey"
-                ],
-                "Resource": "*",
-                "Condition": {
-                    "StringEquals": {
-                        "kms:ViaService": "q.us-east-1.amazonaws.com",
-                        "kms:EncryptionContext:aws-crypto-ec:aws:qdeveloper:accountId": "accountId"
-                    }
-                }
-            }
-        ]
-    }
-    
-