AWS Security ChangesHomeSearch

AWS directoryservice documentation change

Service: directoryservice · 2025-09-28 · Documentation medium

File: directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md

Summary

Added JSON policy example for KMS key access and SecretsManager permissions

Security assessment

The change documents required permissions for secure directory joining operations, including secrets management and encryption key access. While security-related, there's no indication this addresses a specific vulnerability rather than standard security configuration guidance.

Diff

diff --git a/directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md b/directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md
index 0f3bdec6c..87c156c8a 100644
--- a//directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md
+++ b//directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md
@@ -154,0 +155,26 @@ Add a statement to the key policy for the KMS key in Account 1
+JSON
+    
+
+****
+    
+    
+        {
+      "Version":"2012-10-17",		 	 	 
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "secretsmanager:GetSecretValue",
+          "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:secretName-AbCdEf"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "kms:Decrypt",
+            "kms:Describekey"
+          ],
+          "Resource": "arn:aws:kms:us-east-1:111122223333:key/Your_Encryption_Key"
+        }
+      ]
+    }
+    
+