AWS directoryservice documentation change
Summary
Added JSON policy example for KMS key access and SecretsManager permissions
Security assessment
The change documents required permissions for secure directory joining operations, including secrets management and encryption key access. While security-related, there's no indication this addresses a specific vulnerability rather than standard security configuration guidance.
Diff
diff --git a/directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md b/directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md index 0f3bdec6c..87c156c8a 100644 --- a//directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md +++ b//directoryservice/latest/admin-guide/seamlessly_join_linux_to_shared_MAD.md @@ -154,0 +155,26 @@ Add a statement to the key policy for the KMS key in Account 1 +JSON + + +**** + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "secretsmanager:GetSecretValue", + "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:secretName-AbCdEf" + }, + { + "Effect": "Allow", + "Action": [ + "kms:Decrypt", + "kms:Describekey" + ], + "Resource": "arn:aws:kms:us-east-1:111122223333:key/Your_Encryption_Key" + } + ] + } + +