AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2025-02-27 · Documentation low

File: AmazonCloudWatch/latest/logs/encrypt-log-data-kms.md

Summary

Clarified that KMS keys cannot be associated with existing log groups using the CloudWatch console

Security assessment

The change improves clarity about KMS key association but does not address a specific security issue

Diff

diff --git a/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.md
index b33c29047..ff90ea26c 100644
--- a/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.md
+++ b/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.md
@@ -35 +35 @@ CloudWatch Logs supports only symmetric KMS keys. Do not use an asymmetric key t
-  * You cannot associate a KMS key with a log group using the CloudWatch console.
+  * You can't associate a KMS key with an existing log group using the CloudWatch console.