AWS Security ChangesHomeSearch

AWS audit-manager documentation change

Service: audit-manager · 2025-03-26 · Documentation low

File: audit-manager/latest/userguide/control-data-sources-api.md

Summary

Clarified that Audit Manager's ListBuckets operation and encryption checks are limited to S3 buckets in the same AWS Region as the assessment

Security assessment

The change clarifies regional scope of encryption checks but does not address a specific security vulnerability or add new security documentation. It improves accuracy of existing security-related information but isn't directly tied to a security issue.

Diff

diff --git a/audit-manager/latest/userguide/control-data-sources-api.md b/audit-manager/latest/userguide/control-data-sources-api.md
index de5f8389f..abe3ef04b 100644
--- a/audit-manager/latest/userguide/control-data-sources-api.md
+++ b/audit-manager/latest/userguide/control-data-sources-api.md
@@ -131,2 +131,2 @@ Supported API call | How Audit Manager uses this API to collect evidence
-[s3_GetBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) |  Collect a snapshot that shows the default encryption configuration for your S3 buckets. When you use this API as a data source, you don't need to provide the name of a specific S3 bucket. Instead, Audit Manager uses the `ListBuckets` operation to list all of your buckets. For every bucket that's listed, Audit Manager then performs the `GetBucketEncryption` operation to generate evidence for that resource. Audit Manager can only provide the encryption status for buckets that were created in the same AWS Region as your assessment. If you need to see the encryption status of all your S3 buckets across multiple AWS Regions, we recommend that you create an assessment in each AWS Region where you have an S3 bucket.  
-[s3_ListBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) | Retrieve a list of the S3 buckets in your AWS account.  
+[s3_GetBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html) |  Collect a snapshot that shows the default encryption configuration for your S3 buckets. When you use this API as a data source, you don't need to provide the name of a specific S3 bucket. Instead, Audit Manager uses the `ListBuckets` operation to list the buckets that were created in the same AWS Region as your assessment. For every bucket that's listed, Audit Manager then performs the `GetBucketEncryption` operation to generate evidence for that resource. Audit Manager can only provide the encryption status for buckets that were created in the same AWS Region as your assessment. If you need to see the encryption status of all your S3 buckets across multiple AWS Regions, we recommend that you create an assessment in each AWS Region where you have an S3 bucket.  
+[s3_ListBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) | Retrieve a list of the S3 buckets in your AWS account. Audit Manager can only list buckets that were created in the same AWS Region as your assessment. If you need to see all your S3 buckets across multiple AWS Regions, we recommend that you create an assessment in each AWS Region where you have an S3 bucket.