AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2025-11-01 · Documentation low

File: kms/latest/developerguide/multi-region-keys-auth.md

Summary

Updated IAM policy example to specify permissions for multi-Region key operations

Security assessment

The change clarifies IAM permissions required for multi-Region key management, which improves security documentation but does not address a specific security vulnerability.

Diff

diff --git a/kms/latest/developerguide/multi-region-keys-auth.md b/kms/latest/developerguide/multi-region-keys-auth.md
index 50a4de73f..6fefb2dfc 100644
--- a//kms/latest/developerguide/multi-region-keys-auth.md
+++ b//kms/latest/developerguide/multi-region-keys-auth.md
@@ -91 +91 @@ The `iam:CreateServiceLinkedRole` permission allows AWS KMS to create the [AWSSe
-For example, this IAM policy allows a principal to create any type of KMS key.
+For example, this IAM policy allows a principal to create multi-Region keys, attach policies for those keys, and service linked roles for multi-Region keys.