AWS kms documentation change
Summary
Updated IAM policy example to specify permissions for multi-Region key operations
Security assessment
The change clarifies IAM permissions required for multi-Region key management, which improves security documentation but does not address a specific security vulnerability.
Diff
diff --git a/kms/latest/developerguide/multi-region-keys-auth.md b/kms/latest/developerguide/multi-region-keys-auth.md index 50a4de73f..6fefb2dfc 100644 --- a//kms/latest/developerguide/multi-region-keys-auth.md +++ b//kms/latest/developerguide/multi-region-keys-auth.md @@ -91 +91 @@ The `iam:CreateServiceLinkedRole` permission allows AWS KMS to create the [AWSSe -For example, this IAM policy allows a principal to create any type of KMS key. +For example, this IAM policy allows a principal to create multi-Region keys, attach policies for those keys, and service linked roles for multi-Region keys.