AWS eventbridge documentation change
Summary
Added detailed documentation about encryption options for EventBridge archives, including AWS owned keys and customer managed keys
Security assessment
The change adds documentation about encryption options but does not address a specific security vulnerability or incident. It enhances security documentation by explaining encryption choices.
Diff
diff --git a/eventbridge/latest/userguide/eb-archive-event.md index 81948d943..d59b5ae51 100644 --- a/eventbridge/latest/userguide/eb-archive-event.md +++ b/eventbridge/latest/userguide/eb-archive-event.md @@ -54 +54,21 @@ You cannot change the source event bus once you have created the archive. - 7. Choose **Next**. + 7. For **Encryption** , choose the KMS key for EventBridge to use when encrypting the events stored in the archive. + +###### Important + +If you have specify that EventBridge use a customer managed key for encrypting the source event bus, we strongly recommend you also specify a customer managed key for any archives for the event bus as well. + + * Choose **Use AWS owned key** for EventBridge to encrypt the data using an AWS owned key. + +This AWS owned key is a KMS key that EventBridge owns and manages for use in multiple AWS accounts. In general, unless you are required to audit or control the encryption key that protects your resources, an AWS owned key is a good choice. + +This is the default. + + * Choose **Use customer managed key** for EventBridge to encrypt the data using the customer managed key that you specify or create. + +Customer managed key are KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys. + + 1. Specify an existing customer managed key, or choose **Create a new KMS key / >**. + +EventBridge displays the key status and any key aliases that have been associated with the specified customer managed key. + + 8. Choose **Next**.