AWS appfabric documentation change
Summary
Removed example KMS key policy JSON configuration
Security assessment
The removal of a sample key policy does not indicate a security issue. This appears to be documentation cleanup rather than addressing a specific vulnerability. No evidence of security implications in the diff.
Diff
diff --git a/appfabric/latest/adminguide/data-protection.md b/appfabric/latest/adminguide/data-protection.md index 228008036..56d621f4d 100644 --- a//appfabric/latest/adminguide/data-protection.md +++ b//appfabric/latest/adminguide/data-protection.md @@ -84,46 +83,0 @@ Following is an example key policy that permits: - - { - "Id": "key-consolepolicy-3", - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Allow access for key administrators", - "Effect": "Allow", - "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, - "Action": ["kms:*"], - "Resource": "arn:aws:kms:us-east-1:111122223333:key/key_ID" - }, - { - "Sid": "Allow read-only access to key metadata to the account", - "Effect": "Allow", - "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, - "Action": [ - "kms:Describe*", - "kms:Get*", - "kms:List*", - "kms:RevokeGrant" - ], - "Resource": "*" - }, - { - "Sid": "Allow access to principals authorized to use AWS AppFabric", - "Effect": "Allow", - "Principal": {"AWS": "IAM-role/user-creating-appfabric-resources"}, - "Action": [ - "kms:Decrypt", - "kms:GenerateDataKey", - "kms:DescribeKey", - "kms:CreateGrant", - "kms:ListAliases" - ], - "Resource": "*", - "Condition": { - "StringEquals": { - "kms:ViaService": "appfabric.us-east-1.amazonaws.com", - "kms:CallerAccount": "111122223333" - } - } - } - ] - } -