AWS sms-voice documentation change
Summary
Added important note clarifying that sharing origination identities via AWS RAM does not grant permission to send messages to China - each account requires individual allowlisting.
Security assessment
This change documents a compliance/regulatory requirement for China messaging. While it addresses access control (preventing unauthorized sending to China), it's primarily about regulatory compliance rather than fixing a security vulnerability. The documentation clarifies existing security controls around country-specific allowlisting.
Diff
diff --git a/sms-voice/latest/userguide/shared-resources.md b/sms-voice/latest/userguide/shared-resources.md index 6e75a08e6..387a4610a 100644 --- a//sms-voice/latest/userguide/shared-resources.md +++ b//sms-voice/latest/userguide/shared-resources.md @@ -27,0 +28,6 @@ This topic explains how to share resources that you own, and how to use resource +###### Important + +Sharing origination identities with other AWS accounts does not grant those accounts permission to send messages to China. Each AWS account must be individually allowlisted for sending to China, regardless of whether the origination identity is owned or shared via AWS RAM. If a consuming account attempts to send to China using a shared origination identity without its own China allowlisting, the request will fail with a `DESTINATION_COUNTRY_BLOCKED` validation error. + +To request China allowlisting for an account, open a case with AWS Support. For more information, see [Requesting support for SMS, MMS, and voice messaging through Support](./awssupport.html). +