AWS scheduler documentation change
Summary
Removed JSON policy examples for KMS key configuration
Security assessment
Policy example removal reduces implementation guidance but doesn't directly indicate security issues. No evidence of vulnerability remediation.
Diff
diff --git a/scheduler/latest/UserGuide/encryption-rest.md b/scheduler/latest/UserGuide/encryption-rest.md index eb366f7c5..91059d47a 100644 --- a//scheduler/latest/UserGuide/encryption-rest.md +++ b//scheduler/latest/UserGuide/encryption-rest.md @@ -130,24 +129,0 @@ When you create a customer managed key using AWS KMS, by default, your key has t -JSON - - -**** - - - - { - "Id": "key-policy-1", - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ProvideRequiredIAMPermissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws::iam::123456789012:root" - }, - "Action": "kms:*", - "Resource": "*" - } - ] - } - - @@ -156,35 +131,0 @@ Optionally, you can limit the scope of your key policy to only provide access to -JSON - - -**** - - - - { - "Id": "key-policy-2", - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ProvideRequiredIAMPermissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws::iam::123456789012:root" - }, - "Action": "kms:*", - "Resource": "*" - }, - { - "Sid": "Allow use of the key", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::123456789012:role/schedule-execution-role" - }, - "Action": [ - "kms:Decrypt" - ], - "Resource": "*" - } - ] - } - -