AWS AmazonECS documentation change
Summary
Added instructions for assigning AWS KMS key to encrypt managed storage data during cluster creation
Security assessment
The change introduces documentation about encrypting managed storage with KMS, which is a security feature. However, there is no evidence this addresses a specific security vulnerability.
Diff
diff --git a/AmazonECS/latest/developerguide/create-cluster-console-v2-ecs-anywhere.md index 1b15aded8..28cadeb1c 100644 --- a/AmazonECS/latest/developerguide/create-cluster-console-v2-ecs-anywhere.md +++ b/AmazonECS/latest/developerguide/create-cluster-console-v2-ecs-anywhere.md @@ -37,0 +38,2 @@ We recommend that you use Container Insights with enhanced observability instead + * Assign a AWS KMS key for your managed storage. For information about how to create a key, see [Create a KMS key](kms/latest/developerguide/create-keys.html) in the _AWS Key Management Service User Guide_. + @@ -67 +69,3 @@ The name can contain up to 255 letters (uppercase and lowercase), numbers, and h - 7. (Optional) To help identify your cluster, expand **Tags** , and then configure your tags. + 7. (Optional) Encrypt the data on managed storage. Under **Encryption** , for **Managed storage** , enter the ARN of the AWS KMS key you want to use to encrypt the managed storage data. + + 8. (Optional) To help identify your cluster, expand **Tags** , and then configure your tags. @@ -75 +79 @@ The name can contain up to 255 letters (uppercase and lowercase), numbers, and h - 8. Choose **Create**. + 9. Choose **Create**.