AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2025-11-25 · Documentation low

File: securityhub/latest/userguide/exposure-iam-user.md

Summary

Minor grammatical correction in KMS policy remediation guidance (added 'the' in 'In the exposure finding')

Security assessment

The change is a grammatical improvement without altering security guidance. No new security content or vulnerability remediation was added.

Diff

diff --git a/securityhub/latest/userguide/exposure-iam-user.md b/securityhub/latest/userguide/exposure-iam-user.md
index 254b9fa7a..baf4cdc18 100644
--- a//securityhub/latest/userguide/exposure-iam-user.md
+++ b//securityhub/latest/userguide/exposure-iam-user.md
@@ -182 +182 @@ AWS KMS enables you to create and manage cryptographic keys that are used to pro
-In exposure finding, open the resource. This will open the IAM Policy window. Look for permissions in KMS that allow kms:Decrypt or `kms:ReEncryptFrom` or `KMS:*` with a resource specification of `"*"`. Update the policy to restrict AWS KMS decryption permissions to only the specific keys needed. Modify the policy to replace the `"*"` resource with the specific ARNs of required AWS KMS keys. 
+In the exposure finding, open the resource. This will open the IAM Policy window. Look for permissions in KMS that allow kms:Decrypt or `kms:ReEncryptFrom` or `KMS:*` with a resource specification of `"*"`. Update the policy to restrict AWS KMS decryption permissions to only the specific keys needed. Modify the policy to replace the `"*"` resource with the specific ARNs of required AWS KMS keys.