AWS Security ChangesHomeSearch

AWS singlesignon documentation change

Service: singlesignon · 2026-05-04 · Documentation low

File: singlesignon/latest/userguide/customermanagedapps.md

Summary

Simplified instructions for KMS key permissions when integrating customer-managed applications

Security assessment

Refines existing security documentation about KMS permissions but doesn't address a specific vulnerability. Clarifies requirements without changing security posture.

Diff

diff --git a/singlesignon/latest/userguide/customermanagedapps.md b/singlesignon/latest/userguide/customermanagedapps.md
index cd0829123..5b45140e3 100644
--- a//singlesignon/latest/userguide/customermanagedapps.md
+++ b//singlesignon/latest/userguide/customermanagedapps.md
@@ -20 +20 @@ IAM Identity Center acts as a central identity service to your workforce users a
-When integrating customer managed applications with an IAM Identity Center instance that uses a [customer managed KMS key](./encryption-at-rest.html), verify whether the application invokes IAM Identity Center service APIs to confirm whether the application needs KMS key permissions. Follow the guidance for granting KMS key permissions to custom workflows in the IAM Identity Center User Guide's [ baseline KMS key policies](./baseline-KMS-key-policy.html#baseline-kms-key-policy-statements-for-use-of-custom-workflows-with-iam-identity-center). 
+When integrating customer managed applications with an IAM Identity Center instance that uses a [customer managed KMS key](./encryption-at-rest.html), verify whether the application invokes IAM Identity Center service APIs. If it does, see the [ baseline KMS key policy](./baseline-KMS-key-policy.html) for the required permissions.