AWS pcs medium security documentation change
Summary
Added 'secretsmanager:RotateSecret' permission to CreateCluster policy and secret management example
Security assessment
The addition of secretsmanager:RotateSecret action explicitly enables secret rotation capabilities in IAM policies. Secret rotation is a critical security practice to limit credential exposure and comply with rotation requirements. Documenting this required permission helps implement least-privilege access for secret management.
Diff
diff --git a/pcs/latest/userguide/security-min-permissions.md b/pcs/latest/userguide/security-min-permissions.md index 7a7ff541b..32f6e24b2 100644 --- a//pcs/latest/userguide/security-min-permissions.md +++ b//pcs/latest/userguide/security-min-permissions.md @@ -40,0 +41 @@ CreateCluster | + secretsmanager:RotateSecret, @@ -316 +317,2 @@ Users who don't configure and manage the service don't require these permissions - "secretsmanager:UpdateSecret" + "secretsmanager:UpdateSecret", + "secretsmanager:RotateSecret"