AWS directoryservice documentation change
Summary
Removed KMS key policy example for cross-account secret access
Security assessment
Removal of cross-account access policy example impacts documentation but doesn't demonstrate a security fix. KMS policies are security-critical but no vulnerability mentioned.
Diff
diff --git a/directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md b/directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md index 54171210f..266efe9aa 100644 --- a//directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md +++ b//directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md @@ -155,28 +154,0 @@ Add a statement to the key policy for the KMS key in Account 1 -JSON - - -**** - - - { - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": "secretsmanager:GetSecretValue", - "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:secretName-AbCdEf" - }, - { - "Effect": "Allow", - "Action": [ - "kms:Decrypt", - "kms:Describekey" - ], - "Resource": "arn:aws:kms:us-east-1:111122223333:key/Your_Encryption_Key" - } - ] - - - -