AWS kinesisvideostreams documentation change
Summary
Added example IAM policy JSON documents for KMS permissions required by producers and consumers.
Security assessment
Adds concrete examples of encryption-related IAM policies but doesn't address any specific vulnerability. The policies demonstrate standard KMS permissions for data encryption/decryption workflows.
Diff
diff --git a/kinesisvideostreams/latest/dg/how-kms.md b/kinesisvideostreams/latest/dg/how-kms.md index 3a66f53b8..58b788705 100644 --- a//kinesisvideostreams/latest/dg/how-kms.md +++ b//kinesisvideostreams/latest/dg/how-kms.md @@ -112,0 +113,28 @@ Your Kinesis video stream producers must have the `kms:GenerateDataKey` permissi +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "kms:GenerateDataKey" + ], + "Resource": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab" + }, + { + "Effect": "Allow", + "Action": [ + "kinesisvideo:PutMedia" + ], + "Resource": "arn:aws:kinesisvideo:*:123456789012:stream/MyStream/*" + } + ] + } + + @@ -116,0 +145,28 @@ Your Kinesis video stream consumers must have the `kms:Decrypt` permission: +JSON + + +**** + + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "kms:Decrypt" + ], + "Resource": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab" + }, + { + "Effect": "Allow", + "Action": [ + "kinesisvideo:GetMedia" + ], + "Resource": "arn:aws:kinesisvideo:*:123456789012:stream/MyStream/*" + } + ] + } + +