AWS fsx documentation change
Summary
Corrected KMS key ARN wildcard syntax and removed redundant encryption context condition
Security assessment
Syntax fixes to policy examples without changing security posture. Removal of duplicate condition improves accuracy but doesn't indicate vulnerability.
Diff
diff --git a/fsx/latest/ONTAPGuide/self-managed-AD-best-practices.md b/fsx/latest/ONTAPGuide/self-managed-AD-best-practices.md index cbc45767f..58b07dccd 100644 --- a//fsx/latest/ONTAPGuide/self-managed-AD-best-practices.md +++ b//fsx/latest/ONTAPGuide/self-managed-AD-best-practices.md @@ -154 +154 @@ For **Encryption Key** , create a new key, don't use the AWS default KMS key. Be - "Resource": "arn:aws:kms:us-west-2:123456789012:key:*", + "Resource": "arn:aws:kms:us-west-2:123456789012:key/*", @@ -157 +156,0 @@ For **Encryption Key** , create a new key, don't use the AWS default KMS key. Be - "kms:EncryptionContext:SecretARN": "arn:aws:secretsmanager:us-west-2:123456789012:secret:*",