AWS neptune-analytics documentation change
Summary
Added example IAM policy with KMS and S3 permissions for Neptune Analytics export operations
Security assessment
Documents required encryption/access permissions but does not address a specific security incident.
Diff
diff --git a/neptune-analytics/latest/userguide/import-export-permissions.md b/neptune-analytics/latest/userguide/import-export-permissions.md index 1d267c9cb..32e7fa67b 100644 --- a//neptune-analytics/latest/userguide/import-export-permissions.md +++ b//neptune-analytics/latest/userguide/import-export-permissions.md @@ -25,0 +26,37 @@ Neptune Analytics Export writes data into customer-owned Amazon S3 buckets. To d +JSON + + +**** + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "kms:DescribeKey", + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "Resource": "arn:aws:kms:us-east-1:111122223333:key/key-id" + }, + { + "Sid": "VisualEditor1", + "Effect": "Allow", + "Action": [ + "s3:PutObject", + "s3:GetObject", + "s3:ListBucket" + ], + "Resource": [ + "arn:aws:s3:::amzn-s3-demo-bucket/", + "arn:aws:s3:::amzn-s3-demo-bucket/*" + ] + } + ] + } + + +