AWS singlesignon documentation change
Summary
Simplified instructions for KMS key permissions when integrating customer-managed applications
Security assessment
Refines existing security documentation about KMS permissions but doesn't address a specific vulnerability. Clarifies requirements without changing security posture.
Diff
diff --git a/singlesignon/latest/userguide/customermanagedapps.md b/singlesignon/latest/userguide/customermanagedapps.md index cd0829123..5b45140e3 100644 --- a//singlesignon/latest/userguide/customermanagedapps.md +++ b//singlesignon/latest/userguide/customermanagedapps.md @@ -20 +20 @@ IAM Identity Center acts as a central identity service to your workforce users a -When integrating customer managed applications with an IAM Identity Center instance that uses a [customer managed KMS key](./encryption-at-rest.html), verify whether the application invokes IAM Identity Center service APIs to confirm whether the application needs KMS key permissions. Follow the guidance for granting KMS key permissions to custom workflows in the IAM Identity Center User Guide's [ baseline KMS key policies](./baseline-KMS-key-policy.html#baseline-kms-key-policy-statements-for-use-of-custom-workflows-with-iam-identity-center). +When integrating customer managed applications with an IAM Identity Center instance that uses a [customer managed KMS key](./encryption-at-rest.html), verify whether the application invokes IAM Identity Center service APIs. If it does, see the [ baseline KMS key policy](./baseline-KMS-key-policy.html) for the required permissions.