AWS transform documentation change
Summary
Removed JSON example of KMS encryption policy with service-specific conditions
Security assessment
While KMS policies relate to security, the removal appears to be documentation cleanup without evidence of addressing a specific vulnerability. The policy example itself contained reasonable service restrictions.
Diff
diff --git a/transform/latest/userguide/data-encryption.md b/transform/latest/userguide/data-encryption.md index e4f2e9fb3..ef1d8558c 100644 --- a//transform/latest/userguide/data-encryption.md +++ b//transform/latest/userguide/data-encryption.md @@ -146,35 +145,0 @@ The following example policy grants users permissions to access features encrypt -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "QKMSDecryptGenerateDataKeyPermissions", - "Effect": "Allow", - "Action": [ - "kms:Decrypt", - "kms:GenerateDataKey", - "kms:GenerateDataKeyWithoutPlaintext", - "kms:ReEncryptFrom", - "kms:ReEncryptTo" - ], - "Resource": [ - "arn:aws:kms:arn:aws::{111122223333}:key/[[key_id]]" - ], - "Condition": { - "StringLike": { - "kms:ViaService": [ - "q.us-east-1.amazonaws.com" - ] - } - } - } - ] - } - -