AWS Security ChangesHomeSearch

AWS mgn medium security documentation change

Service: mgn · 2025-08-28 · Security-related medium

File: mgn/latest/ug/global-ebs-encryption-kms.md

Summary

Removed JSON policy example granting KMS permissions for cross-account encryption management

Security assessment

Removal of specific KMS policy details could lead to misconfiguration risks if users don't implement proper cross-account encryption permissions. The deleted policy included security-critical actions like kms:CreateGrant and kms:ReEncrypt*.

Diff

diff --git a/mgn/latest/ug/global-ebs-encryption-kms.md b/mgn/latest/ug/global-ebs-encryption-kms.md
index 251592645..acefe2c30 100644
--- a//mgn/latest/ug/global-ebs-encryption-kms.md
+++ b//mgn/latest/ug/global-ebs-encryption-kms.md
@@ -11,25 +10,0 @@ Using Administrator access, add these permissions to the AWSApplicationMigration
-JSON
-    
-
-****
-    
-    
-    
-        {
-          "Version": "2012-10-17",
-          "Statement": [
-          {
-            "Sid": "Allow management account use CMK of member account",
-            "Effect": "Allow",
-            "Action": [
-              "kms:CreateGrant",
-              "kms:DescribeKey",
-              "kms:ReEncrypt*",
-              "kms:GenerateDataKey*"
-            ],
-            "Resource": "arn:aws:::::"
-          }]
-        }
-      
-    
-