AWS Security ChangesHomeSearch

AWS kendra documentation change

Service: kendra · 2025-09-28 · Documentation low

File: kendra/latest/dg/iam-roles.md

Summary

Removed a sample IAM policy and updated remaining policy examples with concrete region/account values

Security assessment

Changes appear to be example standardization rather than addressing security issues. The updates use specific ARN formats but don't introduce or modify security controls.

Diff

diff --git a/kendra/latest/dg/iam-roles.md b/kendra/latest/dg/iam-roles.md
index 7d9e4863a..20e3f2f18 100644
--- a//kendra/latest/dg/iam-roles.md
+++ b//kendra/latest/dg/iam-roles.md
@@ -596,50 +595,0 @@ You can connect database data sources to Amazon Kendra through Amazon VPC. If yo
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "secretsmanager:GetSecretValue"
-                ],
-                "Resource": [
-                    "arn:aws:secretsmanager:your-region:your-account-id:secret:secret-id"
-                ]
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "kms:Decrypt"
-                ],
-                "Resource": [
-                    "arn:aws:kms:your-region:your-account-id:key/key-id"
-                ]
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "kendra:BatchPutDocument",
-                    "kendra:BatchDeleteDocument"
-                ],
-                "Resource": [
-                    "arn:aws:kendra:your-region:your-account-id:index/index-id"
-                "Condition": {
-                    "StringLike": {
-                        "kms:ViaService": [
-                            "kendra.your-region.amazonaws.com"
-                        ]
-                    }
-                }
-            },
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "s3:GetObject"
-                ],
-                "Resource": [
-                    "arn:aws:s3:::bucket-name/*"
-                ]
-            }
-        ]
-    }
-
@@ -1277,0 +1228,6 @@ A role policy to allow Amazon Kendra to connect to Confluence.
+JSON
+    
+
+****
+    
+    
@@ -1288 +1244 @@ A role policy to allow Amazon Kendra to connect to Confluence.
-            "arn:aws:secretsmanager:your-region:your-account-id:secret:secret-id"
+                    "arn:aws:secretsmanager:us-east-1:123456789012:secret:secret-id"
@@ -1297 +1253 @@ A role policy to allow Amazon Kendra to connect to Confluence.
-            "arn:aws:kms:your-region:your-account-id:key/key-id"
+                    "arn:aws:kms:us-east-1:123456789012:key/key-id"
@@ -1302 +1258 @@ A role policy to allow Amazon Kendra to connect to Confluence.
-                "secretsmanager.your-region.amazonaws.com"
+                            "secretsmanager.us-east-1.amazonaws.com"
@@ -1316,2 +1272,2 @@ A role policy to allow Amazon Kendra to connect to Confluence.
-            "arn:aws:kendra:your-region:your-account-id:index/index-id",
-            "arn:aws:kendra:your-region:your-account-id:index/index-id/data-source/*"
+                    "arn:aws:kendra:us-east-1:123456789012:index/index-id",
+                    "arn:aws:kendra:us-east-1:123456789012:index/index-id/data-source/*"
@@ -1319 +1275 @@ A role policy to allow Amazon Kendra to connect to Confluence.
-        }
+            },
@@ -1326 +1282 @@ A role policy to allow Amazon Kendra to connect to Confluence.
-          "Resource": "arn:aws:kendra:your-region:your-account-id:index/index-id"
+                "Resource": "arn:aws:kendra:us-east-1:123456789012:index/index-id"