AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2025-03-10 · Documentation low

File: AmazonECS/latest/developerguide/create-ec2-cluster-console-v2.md

Summary

Added instructions for encrypting managed storage data with AWS KMS during EC2 cluster creation

Security assessment

Adds guidance for encrypting managed storage, a security best practice. No indication this fixes a specific vulnerability.

Diff

diff --git a/AmazonECS/latest/developerguide/create-ec2-cluster-console-v2.md
index 64a7c8894..a11aeecbc 100644
--- a/AmazonECS/latest/developerguide/create-ec2-cluster-console-v2.md
+++ b/AmazonECS/latest/developerguide/create-ec2-cluster-console-v2.md
@@ -34,0 +35,2 @@ We recommend that you use Container Insights with enhanced observability instead
+  * Assign a AWS KMS key for your managed storage. For information about how to create a key, see [Create a KMS key](kms/latest/developerguide/create-keys.html) in the _AWS Key Management Service User Guide_.
+
@@ -183 +185,3 @@ If you use Runtime Monitoring with the manual option and you want to have this c
-  10. (Optional) To manage the cluster tags, expand **Tags** , and then perform one of the following operations:
+  10. (Optional) Encrypt the data on managed storage. Under **Encryption** , for **Managed storage** , enter the ARN of the AWS KMS key you want to use to encrypt the managed storage data.
+
+  11. (Optional) To manage the cluster tags, expand **Tags** , and then perform one of the following operations:
@@ -193 +197 @@ If you use Runtime Monitoring with the manual option and you want to have this c
-  11. Choose **Create**.
+  12. Choose **Create**.