AWS kms documentation change
Summary
Minor edit clarifying that grant constraints are specifically for encryption context.
Security assessment
Cosmetic clarification of existing security documentation with no security implications or new security content.
Diff
diff --git a/kms/latest/developerguide/encrypt_context.md b/kms/latest/developerguide/encrypt_context.md index 7e9eb5c66..ff07ed9df 100644 --- a//kms/latest/developerguide/encrypt_context.md +++ b//kms/latest/developerguide/encrypt_context.md @@ -73 +73 @@ For more information about these encryption context condition keys, see [Conditi -When you [create a grant](./grants.html), you can include [grant constraints](https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html) that establish conditions for the grant permissions. AWS KMS supports two grant constraints, `EncryptionContextEquals` and `EncryptionContextSubset`, both of which involve the [encryption context](./encrypt_context.html) in a request for a cryptographic operation. When you use these grant constraints, the permissions in the grant are effective only when the encryption context in the request for the cryptographic operation satisfies the requirements of the grant constraints. +When you [create a grant](./grants.html), you can include [grant constraints](https://docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html) that establish conditions for the grant permissions. AWS KMS supports two encryption context grant constraints, `EncryptionContextEquals` and `EncryptionContextSubset`, both of which involve the [encryption context](./encrypt_context.html) in a request for a cryptographic operation. When you use these grant constraints, the permissions in the grant are effective only when the encryption context in the request for the cryptographic operation satisfies the requirements of the grant constraints.