AWS singlesignon documentation change
Summary
Swapped order of KMS policy condition keys in JSON syntax
Security assessment
Formatting change without altering policy semantics. Maintains same security controls through equivalent condition key ordering.
Diff
diff --git a/singlesignon/latest/userguide/advanced-kms-policy.md b/singlesignon/latest/userguide/advanced-kms-policy.md index a95d90046..9e9944e32 100644 --- a//singlesignon/latest/userguide/advanced-kms-policy.md +++ b//singlesignon/latest/userguide/advanced-kms-policy.md @@ -100,2 +100,2 @@ The kms:Decrypt action alone does not restrict access to read-only operations. T - "kms:EncryptionContext:aws:sso:instance-arn": "arn:aws:sso:::instance/ssoins-1234567890abcdef", - "kms:ViaService": "sso.*.amazonaws.com" + "kms:ViaService": "sso.*.amazonaws.com", + "kms:EncryptionContext:aws:sso:instance-arn": "arn:aws:sso:::instance/ssoins-1234567890abcdef"