AWS kms documentation change
Summary
Added 'EXTERNAL_MU' as a valid value for the kms:MessageType condition key in Sign and Verify operations.
Security assessment
Expands documentation for IAM condition keys to include a new message type value, which is related to access control policies for cryptographic operations. This adds to security documentation but does not indicate a security issue.
Diff
diff --git a/kms/latest/developerguide/conditions-kms.md b/kms/latest/developerguide/conditions-kms.md index f05083f95..9f37956cb 100644 --- a//kms/latest/developerguide/conditions-kms.md +++ b//kms/latest/developerguide/conditions-kms.md @@ -1318 +1318 @@ AWS KMS condition keys | Condition type | Value type | API operations | Policy t -The `kms:MessageType` condition key controls access to the [Sign](https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html) and [Verify](https://docs.aws.amazon.com/kms/latest/APIReference/API_Verify.html) operations based on the value of the `MessageType` parameter in the request. Valid values for `MessageType` are `RAW` and `DIGEST`. +The `kms:MessageType` condition key controls access to the [Sign](https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html) and [Verify](https://docs.aws.amazon.com/kms/latest/APIReference/API_Verify.html) operations based on the value of the `MessageType` parameter in the request. Valid values for `MessageType` are `RAW`, `DIGEST` and `EXTERNAL_MU`.