AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2025-03-10 · Documentation low

File: AmazonECS/latest/developerguide/create-cluster-console-v2-ecs-anywhere.md

Summary

Added instructions for assigning AWS KMS key to encrypt managed storage data during cluster creation

Security assessment

The change introduces documentation about encrypting managed storage with KMS, which is a security feature. However, there is no evidence this addresses a specific security vulnerability.

Diff

diff --git a/AmazonECS/latest/developerguide/create-cluster-console-v2-ecs-anywhere.md
index 1b15aded8..28cadeb1c 100644
--- a/AmazonECS/latest/developerguide/create-cluster-console-v2-ecs-anywhere.md
+++ b/AmazonECS/latest/developerguide/create-cluster-console-v2-ecs-anywhere.md
@@ -37,0 +38,2 @@ We recommend that you use Container Insights with enhanced observability instead
+  * Assign a AWS KMS key for your managed storage. For information about how to create a key, see [Create a KMS key](kms/latest/developerguide/create-keys.html) in the _AWS Key Management Service User Guide_.
+
@@ -67 +69,3 @@ The name can contain up to 255 letters (uppercase and lowercase), numbers, and h
-  7. (Optional) To help identify your cluster, expand **Tags** , and then configure your tags.
+  7. (Optional) Encrypt the data on managed storage. Under **Encryption** , for **Managed storage** , enter the ARN of the AWS KMS key you want to use to encrypt the managed storage data.
+
+  8. (Optional) To help identify your cluster, expand **Tags** , and then configure your tags.
@@ -75 +79 @@ The name can contain up to 255 letters (uppercase and lowercase), numbers, and h
-  8. Choose **Create**.
+  9. Choose **Create**.