AWS Security ChangesHomeSearch

AWS snowball documentation change

Service: snowball · 2025-04-11 · Documentation low

File: snowball/latest/developer-guide/data-protection.md

Summary

Fixed repeated 'Edge' in product name references throughout the document (e.g., 'AWS Snowball Edge Edge' -> 'AWS Snowball Edge') and minor terminology corrections

Security assessment

Changes are typo corrections and product name standardization without introducing new security content or addressing vulnerabilities. Security-related statements about encryption and verification processes remain substantively unchanged.

Diff

diff --git a/snowball/latest/developer-guide/data-protection.md b/snowball/latest/developer-guide/data-protection.md
index 3b0fbbc7c..28e5d76da 100644
--- a//snowball/latest/developer-guide/data-protection.md
+++ b//snowball/latest/developer-guide/data-protection.md
@@ -59 +59 @@ AWS Snowball Edge protects your data when you're importing or exporting data int
-When you're using a Snowball Edge to import data into S3, all data transferred to a device is protected by SSL encryption over the network. To protect data at rest, AWS Snowball Edge Edge uses server side-encryption (SSE).
+When you're using a Snowball Edge to import data into S3, all data transferred to a device is protected by SSL encryption over the network. To protect data at rest, AWS Snowball Edge uses server side-encryption (SSE).
@@ -63 +63 @@ When you're using a Snowball Edge to import data into S3, all data transferred t
-AWS Snowball Edge Edge supports server-side encryption with Amazon S3–managed encryption keys (SSE-S3). Server-side encryption is about protecting data at rest, and SSE-S3 has strong, multifactor encryption to protect your data at rest in Amazon S3. For more information on SSE-S3, see [Protecting Data Using Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the _Amazon Simple Storage Service User Guide_.
+AWS Snowball Edge supports server-side encryption with Amazon S3–managed encryption keys (SSE-S3). Server-side encryption is about protecting data at rest, and SSE-S3 has strong, multifactor encryption to protect your data at rest in Amazon S3. For more information on SSE-S3, see [Protecting Data Using Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the _Amazon Simple Storage Service User Guide_.
@@ -65 +65 @@ AWS Snowball Edge Edge supports server-side encryption with Amazon S3–managed
-Currently, AWS Snowball Edge Edge doesn't offer server-side encryption with customer-provided keys (SSE-C). Amazon S3 compatible storage on Snowball Edge offers SSE-C for local compute and storage jobs. However, you might want to use that SSE type to protect data that has been imported, or you might already use it on data you want to export. In these cases, keep the following in mind:
+Currently, AWS Snowball Edge doesn't offer server-side encryption with customer-provided keys (SSE-C). Amazon S3 compatible storage on Snowball Edge offers SSE-C for local compute and storage jobs. However, you might want to use that SSE type to protect data that has been imported, or you might already use it on data you want to export. In these cases, keep the following in mind:
@@ -140 +140 @@ You've finished configuring your Amazon S3 bucket. When your data is imported in
-AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS uses hardware security modules (HSMs) to protect the security of your keys. Specifically, the Amazon Resource Name (ARN) for the AWS KMS key that you choose for a job in AWS Snowball Edge Edge is associated with a KMS key. That KMS key is used to encrypt the unlock code for your job. The unlock code is used to decrypt the top layer of encryption on your manifest file. The encryption keys stored within the manifest file are used to encrypt and de-encrypt the data on the device.
+AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS uses hardware security modules (HSMs) to protect the security of your keys. Specifically, the Amazon Resource Name (ARN) for the AWS KMS key that you choose for a job in AWS Snowball Edge is associated with a KMS key. That KMS key is used to encrypt the unlock code for your job. The unlock code is used to decrypt the top layer of encryption on your manifest file. The encryption keys stored within the manifest file are used to encrypt and de-encrypt the data on the device.
@@ -142 +142 @@ AWS Key Management Service (AWS KMS) is a managed service that makes it easy for
-In AWS Snowball Edge Edge, AWS KMS protects the encryption keys used to protect data on each AWS Snowball Edge device. When you create your job, you also choose an existing KMS key. Specifying the ARN for an AWS KMS key tells AWS Snowball Edge which AWS KMS keys to use to encrypt the unique keys on the AWS Snowball Edge device. For more information on AWS Snowball Edge Edge supported Amazon S3 server-side-encryption options , see Server-Side Encryption in AWS Snowball Edge Edge.
+In AWS Snowball Edge Edge, AWS KMS protects the encryption keys used to protect data on each AWS Snowball Edge device. When you create your job, you also choose an existing KMS key. Specifying the ARN for an AWS KMS key tells AWS Snowball Edge which AWS KMS keys to use to encrypt the unique keys on the AWS Snowball Edge device. For more information on AWS Snowball Edge supported Amazon S3 server-side-encryption options , see Server-Side Encryption in AWS Snowball Edge Edge.
@@ -193 +193 @@ We recommend the following security approaches:
-  * Don't leave the device sitting on a loading dock. Left on a loading dock, it can be exposed to the elements. Although each AWS Snowball Edge Edge device is rugged, weather can damage the sturdiest of hardware. Report stolen, missing, or broken devices as soon as possible. The sooner such an issue is reported, the sooner another one can be sent to complete your job.
+  * Don't leave the device sitting on a loading dock. Left on a loading dock, it can be exposed to the elements. Although each AWS Snowball Edge device is rugged, weather can damage the sturdiest of hardware. Report stolen, missing, or broken devices as soon as possible. The sooner such an issue is reported, the sooner another one can be sent to complete your job.
@@ -200 +200 @@ We recommend the following security approaches:
-The AWS Snowball Edge Edge devices are the property of AWS. Tampering with a device is a violation of the AWS Acceptable Use Policy. For more information, see [http://aws.amazon.com/aup/](http://aws.amazon.com/aup/).
+The AWS Snowball Edge devices are the property of AWS. Tampering with a device is a violation of the AWS Acceptable Use Policy. For more information, see [http://aws.amazon.com/aup/](http://aws.amazon.com/aup/).
@@ -208 +208 @@ We perform the following security steps:
-  * When a device arrives at AWS, we inspect it for any signs of tampering and to verify that no changes were detected by the Trusted Platform Module (TPM). AWS Snowball Edge Edge uses multiple layers of security designed to protect your data, including tamper-resistant enclosures, 256-bit encryption, and an industry-standard TPM designed to provide both security and full chain of custody for your data. 
+  * When a device arrives at AWS, we inspect it for any signs of tampering and to verify that no changes were detected by the Trusted Platform Module (TPM). AWS Snowball Edge uses multiple layers of security designed to protect your data, including tamper-resistant enclosures, 256-bit encryption, and an industry-standard TPM designed to provide both security and full chain of custody for your data. 
@@ -217 +217 @@ We perform the following security steps:
-Snowball Edge Compute Optimized and Snowball Edge Storage Optimized (for data transfer) devices have NFC tags built into them. You can scan these tags with the AWS Snowball Edge Edge Verification App, available on Android. Scanning and validating these NFC tags can help you verify that your device has not been tampered with before you use it.
+Snowball Edge Compute Optimized and Snowball Edge Storage Optimized (for data transfer) devices have NFC tags built into them. You can scan these tags with the AWS Snowball Edge Verification App, available on Android. Scanning and validating these NFC tags can help you verify that your device has not been tampered with before you use it.
@@ -244 +244 @@ The QR code is saved to a location of your choice as a .png file.
-  3. You can scan these tags using the AWS Snowball Edge Edge Verification App on Android.
+  3. You can scan these tags using the AWS Snowball Edge Verification App on Android.
@@ -248 +248 @@ The QR code is saved to a location of your choice as a .png file.
-The AWS Snowball Edge Edge Verification App is not available to download, but if you have a device with the app already installed, you can use the app.
+The AWS Snowball Edge Verification App is not available to download, but if you have a device with the app already installed, you can use the app.