Skip to content

docs(iam): drop stale "KMS key policies / NotPrincipal / SCPs" limitations claims#755

Merged
vieiralucas merged 1 commit intomainfrom
worktree-batch1-docs-sync
Apr 25, 2026
Merged

docs(iam): drop stale "KMS key policies / NotPrincipal / SCPs" limitations claims#755
vieiralucas merged 1 commit intomainfrom
worktree-batch1-docs-sync

Conversation

@vieiralucas
Copy link
Copy Markdown
Member

@vieiralucas vieiralucas commented Apr 25, 2026
edited by cubic-dev-ai Bot
Loading

Summary

  • IAM service page and top-level limitations page still claimed KMS key policies + NotPrincipal "not yet evaluated" and SCPs "out of scope for fakecloud's single-account model"
  • All three shipped weeks ago (Phase 5 IAM + Phase 6 SCPs + multi-account), documented correctly in docs/reference/security.md and the comparison/blog posts
  • This is the first batch of a sweep to fill every "Not yet implemented" gap across the codebase

Test plan

  • zola build renders cleanly (95 pages, 9 sections)
  • No residual stale claims after grep -rn "not yet evaluated\|out of scope for fakecloud\|single-account model"
  • Cross-checked code: KMS key policies, NotPrincipal, and SCPs all enforced (per security.md:141,167 and IAM Phase 5/6 memory)

Summary by cubic

Remove stale limitations in IAM docs. We now document support for KMS key policies, NotPrincipal matching, and Organizations SCPs, including multi-account enforcement.

Written for commit d09249f. Summary will update on new commits.

@vieiralucas
docs(iam): drop stale "KMS key polices / NotPrincipal not yet evaluat…
d09249f 
…ed" + "SCPs out of scope" claims

Phase 5 (KMS key policies + NotPrincipal) and Phase 6 (Organizations SCPs +
multi-account) shipped weeks ago and are described correctly in
docs/reference/security.md plus the comparison/blog posts. The IAM service
page and the top-level limitations page were never updated to match. This
brings them in line: KMS key policies, NotPrincipal matching, and SCPs are
all listed as covered, and the "single-account model" line is removed.

No code changes.
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 25, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 25, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@vieiralucas vieiralucas merged commit 4671f9f into main Apr 25, 2026
19 checks passed
@vieiralucas vieiralucas deleted the worktree-batch1-docs-sync branch April 25, 2026 19:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vieiralucas