AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2026-03-22 · Documentation low

File: singlesignon/latest/userguide/advanced-kms-policy.md

Summary

Swapped order of KMS policy condition keys in JSON syntax

Security assessment

Formatting change without altering policy semantics. Maintains same security controls through equivalent condition key ordering.

Diff

diff --git a/singlesignon/latest/userguide/advanced-kms-policy.md b/singlesignon/latest/userguide/advanced-kms-policy.md
index a95d90046..9e9944e32 100644
--- a//singlesignon/latest/userguide/advanced-kms-policy.md
+++ b//singlesignon/latest/userguide/advanced-kms-policy.md
@@ -100,2 +100,2 @@ The kms:Decrypt action alone does not restrict access to read-only operations. T
-              "kms:EncryptionContext:aws:sso:instance-arn": "arn:aws:sso:::instance/ssoins-1234567890abcdef",
-              "kms:ViaService": "sso.*.amazonaws.com"
+              "kms:ViaService": "sso.*.amazonaws.com",
+              "kms:EncryptionContext:aws:sso:instance-arn": "arn:aws:sso:::instance/ssoins-1234567890abcdef"