AWS securityhub documentation change
Summary
Minor grammatical correction in KMS policy remediation guidance (added 'the' in 'In the exposure finding')
Security assessment
The change is a grammatical improvement without altering security guidance. No new security content or vulnerability remediation was added.
Diff
diff --git a/securityhub/latest/userguide/exposure-iam-user.md b/securityhub/latest/userguide/exposure-iam-user.md index 254b9fa7a..baf4cdc18 100644 --- a//securityhub/latest/userguide/exposure-iam-user.md +++ b//securityhub/latest/userguide/exposure-iam-user.md @@ -182 +182 @@ AWS KMS enables you to create and manage cryptographic keys that are used to pro -In exposure finding, open the resource. This will open the IAM Policy window. Look for permissions in KMS that allow kms:Decrypt or `kms:ReEncryptFrom` or `KMS:*` with a resource specification of `"*"`. Update the policy to restrict AWS KMS decryption permissions to only the specific keys needed. Modify the policy to replace the `"*"` resource with the specific ARNs of required AWS KMS keys. +In the exposure finding, open the resource. This will open the IAM Policy window. Look for permissions in KMS that allow kms:Decrypt or `kms:ReEncryptFrom` or `KMS:*` with a resource specification of `"*"`. Update the policy to restrict AWS KMS decryption permissions to only the specific keys needed. Modify the policy to replace the `"*"` resource with the specific ARNs of required AWS KMS keys.