AWS Security ChangesHomeSearch

AWS transform documentation change

Service: transform · 2025-08-28 · Documentation low

File: transform/latest/userguide/data-encryption.md

Summary

Removed JSON example of KMS encryption policy with service-specific conditions

Security assessment

While KMS policies relate to security, the removal appears to be documentation cleanup without evidence of addressing a specific vulnerability. The policy example itself contained reasonable service restrictions.

Diff

diff --git a/transform/latest/userguide/data-encryption.md b/transform/latest/userguide/data-encryption.md
index e4f2e9fb3..ef1d8558c 100644
--- a//transform/latest/userguide/data-encryption.md
+++ b//transform/latest/userguide/data-encryption.md
@@ -146,35 +145,0 @@ The following example policy grants users permissions to access features encrypt
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-        {
-        "Sid": "QKMSDecryptGenerateDataKeyPermissions",
-        "Effect": "Allow",
-        "Action": [
-        "kms:Decrypt",
-        "kms:GenerateDataKey",
-        "kms:GenerateDataKeyWithoutPlaintext",
-        "kms:ReEncryptFrom",
-        "kms:ReEncryptTo"
-        ],
-        "Resource": [
-        "arn:aws:kms:arn:aws::{111122223333}:key/[[key_id]]"
-        ],
-        "Condition": {
-        "StringLike": {
-        "kms:ViaService": [
-        "q.us-east-1.amazonaws.com"
-        ]
-        }
-        }
-        }
-        ]
-        }
-    
-