AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-05-28 · Documentation low

File: waf/latest/developerguide/using-service-linked-roles.md

Summary

Added KMS actions (GenerateDataKey, Decrypt) to service-linked role permissions for customer-managed key support.

Security assessment

This enables encryption using customer-managed keys, enhancing data security capabilities. However, it documents feature enablement rather than addressing a specific vulnerability.

Diff

diff --git a/waf/latest/developerguide/using-service-linked-roles.md b/waf/latest/developerguide/using-service-linked-roles.md
index df09c8f55..e1bec3f44 100644
--- a//waf/latest/developerguide/using-service-linked-roles.md
+++ b//waf/latest/developerguide/using-service-linked-roles.md
@@ -38,0 +39,2 @@ The permissions policies of the role allow AWS WAF to complete the following act
+  * AWS Key Management Service actions: `GenerateDataKey` and `Decrypt` to allow Amazon Data Firehose to use customer managed AWS KMS keys to encrypt data.
+