AWS AmazonECS documentation change
Summary
Added instructions for encrypting managed storage data with AWS KMS during EC2 cluster creation
Security assessment
Adds guidance for encrypting managed storage, a security best practice. No indication this fixes a specific vulnerability.
Diff
diff --git a/AmazonECS/latest/developerguide/create-ec2-cluster-console-v2.md index 64a7c8894..a11aeecbc 100644 --- a/AmazonECS/latest/developerguide/create-ec2-cluster-console-v2.md +++ b/AmazonECS/latest/developerguide/create-ec2-cluster-console-v2.md @@ -34,0 +35,2 @@ We recommend that you use Container Insights with enhanced observability instead + * Assign a AWS KMS key for your managed storage. For information about how to create a key, see [Create a KMS key](kms/latest/developerguide/create-keys.html) in the _AWS Key Management Service User Guide_. + @@ -183 +185,3 @@ If you use Runtime Monitoring with the manual option and you want to have this c - 10. (Optional) To manage the cluster tags, expand **Tags** , and then perform one of the following operations: + 10. (Optional) Encrypt the data on managed storage. Under **Encryption** , for **Managed storage** , enter the ARN of the AWS KMS key you want to use to encrypt the managed storage data. + + 11. (Optional) To manage the cluster tags, expand **Tags** , and then perform one of the following operations: @@ -193 +197 @@ If you use Runtime Monitoring with the manual option and you want to have this c - 11. Choose **Create**. + 12. Choose **Create**.