AWS security-lake documentation change
Summary
Fixed documentation links and KMS policy reference formatting.
Security assessment
URL corrections and formatting changes with no security impact. No new security content added.
Diff
diff --git a/security-lake/latest/userguide/AWSServiceRoleForSecurityLakeResourceManagement.md b/security-lake/latest/userguide/AWSServiceRoleForSecurityLakeResourceManagement.md index 14bdc0f22..d290375c9 100644 --- a//security-lake/latest/userguide/AWSServiceRoleForSecurityLakeResourceManagement.md +++ b//security-lake/latest/userguide/AWSServiceRoleForSecurityLakeResourceManagement.md @@ -11 +11 @@ Security Lake uses the service-linked role named `AWSServiceRoleForSecurityLakeR -The permissions policy for the role, which is an AWS managed policy named `SecurityLakeResourceManagementServiceRolePolicy`, allows access to manage resources created by Security Lake; including managing the metadata in your data lake. For more information about, AWS managed policies for Amazon Security Lake, see [AWS managed policies for Amazon Security Lake](https://docs.aws.amazon.com/security-lake/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-SecurityLakeServiceLinkedRole-ResourceManagement.html). +The permissions policy for the role, which is an AWS managed policy named `SecurityLakeResourceManagementServiceRolePolicy`, allows access to manage resources created by Security Lake; including managing the metadata in your data lake. For more information about, AWS managed policies for Amazon Security Lake, see [AWS managed policies for Amazon Security Lake](https://docs.aws.amazon.com//security-lake/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-SecurityLakeServiceLinkedRole-ResourceManagement.html). @@ -159 +159 @@ The following example shows how the Role ARN will look like. You must edit the R -You can also use the [CreateServiceLinkedRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateServiceLinkedRole.html) API call. In the request, specify the `AWSServiceName` as `resource-management.securitylake.amazonaws.com`. +You can also use the [CreateServiceLinkedRole](https://docs.aws.amazon.com//IAM/latest/APIReference/API_CreateServiceLinkedRole.html) API call. In the request, specify the `AWSServiceName` as `resource-management.securitylake.amazonaws.com`. @@ -161 +161 @@ You can also use the [CreateServiceLinkedRole](https://docs.aws.amazon.com/IAM/l -After enabling the `AWSServiceRoleForSecurityLakeResourceManagement` role, if you are using AWS KMS Customer Managed Key (CMK) for encryption, you must allow the service-linked role to write encrypted objects to S3 buckets in the AWS Regions where CMK exists. In the AWS KMS console, add the following policy to the KMS key in the AWS Regions where CMK exists. For the details on how to change the KMS key policy, see [Key policies in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) in the AWS Key Management Service Developer Guide. +After enabling the `AWSServiceRoleForSecurityLakeResourceManagement` role, if you are using AWS KMS Customer Managed Key (CMK) for encryption, you must allow the service-linked role to write encrypted objects to S3 buckets in the AWS Regions where CMK exists. In the AWS KMS console, add the following policy to the KMS key in the AWS Regions where CMK exists. For the details on how to change the KMS key policy, see [Key policies in AWS KMS](https://docs.aws.amazon.com//kms/latest/developerguide/key-policies.html) in the AWS Key Management Service Developer Guide.