AWS aws-backup documentation change
Summary
Clarified KMS permission requirements between customer-managed and AWS-managed keys
Security assessment
Enhanced documentation about encryption key management without fixing a specific vulnerability. Security impact: Low - improves clarity for security configuration but doesn't address active threat.
Diff
diff --git a/aws-backup/latest/devguide/encryption.md b/aws-backup/latest/devguide/encryption.md index b633c60a0..6cb15b108 100644 --- a//aws-backup/latest/devguide/encryption.md +++ b//aws-backup/latest/devguide/encryption.md @@ -138 +138,3 @@ JSON -These permissions must be part of the key, whether it is AWS managed or customer managed. +For customer managed keys, ensure these permissions are included in the key policy. You can view and update the key policy using the steps below. + +For AWS managed keys (such as `aws/backup` or `aws/ebs`), these permissions are already included in the key policy by AWS and cannot be modified by the customer.