AWS mgn medium security documentation change
Summary
Removed JSON policy example granting KMS permissions for cross-account encryption management
Security assessment
Removal of specific KMS policy details could lead to misconfiguration risks if users don't implement proper cross-account encryption permissions. The deleted policy included security-critical actions like kms:CreateGrant and kms:ReEncrypt*.
Diff
diff --git a/mgn/latest/ug/global-ebs-encryption-kms.md b/mgn/latest/ug/global-ebs-encryption-kms.md index 251592645..acefe2c30 100644 --- a//mgn/latest/ug/global-ebs-encryption-kms.md +++ b//mgn/latest/ug/global-ebs-encryption-kms.md @@ -11,25 +10,0 @@ Using Administrator access, add these permissions to the AWSApplicationMigration -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Allow management account use CMK of member account", - "Effect": "Allow", - "Action": [ - "kms:CreateGrant", - "kms:DescribeKey", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Resource": "arn:aws:::::" - }] - } - - -