AWS cloudformation-cli medium security documentation change
Summary
Corrected KMS encryption context key in policy examples from 'account-id' to actual account ID format
Security assessment
Fixes incorrect KMS policy condition that could lead to overly permissive access if copied without correction. The change ensures proper encryption context validation for CloudFormation operations, addressing a potential misconfiguration risk.
Diff
diff --git a/cloudformation-cli/latest/hooks-userguide/hooks-kms-key-policy.md b/cloudformation-cli/latest/hooks-userguide/hooks-kms-key-policy.md index bfe5cef30..c08982dbf 100644 --- a//cloudformation-cli/latest/hooks-userguide/hooks-kms-key-policy.md +++ b//cloudformation-cli/latest/hooks-userguide/hooks-kms-key-policy.md @@ -102 +102 @@ JSON - "kms:EncryptionContext:aws:cloudformation:account-id": "123456789012" + "kms:EncryptionContext:aws:cloudformation:123456789012": "123456789012" @@ -155 +155 @@ JSON - "kms:EncryptionContext:aws:cloudformation:account-id": "123456789012" + "kms:EncryptionContext:aws:cloudformation:123456789012": "123456789012" @@ -215 +215 @@ JSON - "kms:EncryptionContext:aws:cloudformation:account-id": "123456789012" + "kms:EncryptionContext:aws:cloudformation:123456789012": "123456789012"