AWS Security ChangesHomeSearch

AWS eventbridge documentation change

Service: eventbridge · 2025-04-18 · Documentation medium

File: eventbridge/latest/userguide/eb-target-connection-create.md

Summary

Added encryption configuration section detailing KMS key management for connection secrets

Security assessment

Documents new encryption controls for secrets management but does not indicate a resolved vulnerability.

Diff

diff --git a/eventbridge/latest/userguide/eb-target-connection-create.md b/eventbridge/latest/userguide/eb-target-connection-create.md
index e612d3df3..0d80db3a7 100644
--- a//eventbridge/latest/userguide/eb-target-connection-create.md
+++ b//eventbridge/latest/userguide/eb-target-connection-create.md
@@ -3 +3 @@
-Define the connectionConfigure invocationConfigure authorization
+Define the connectionConfigure invocationConfigure authorizationConfigure encryption
@@ -16,0 +17,2 @@ The following steps walk you through how to create a connection to an HTTPS endp
+  * Configure encryption
+
@@ -54 +56 @@ You are taken to the Amazon VPC Lattice service console, where you can create a
-Lastly, specify the authorization settings to use to access the endpoint. 
+Next, specify the authorization settings to use to access the endpoint. 
@@ -172 +174,26 @@ To include an additional parameter, choose **Add parameter**.
-  3. Choose **Create Connection**.
+
+
+
+## Configure encryption
+
+Lastly, specify the type of KMS key you want EventBridge to use when encrypting and decrypting the authorization parameters that it stores as a secret in AWS Secrets Manager.. By default, EventBridge uses an AWS owned key.
+
+For more information, see [Encrypting connections](./encryption-connections.html).
+
+  1. Choose the KMS key for EventBridge to use when encrypting the connection secret.
+
+     * Choose **Use AWS owned key** for EventBridge to encrypt the secret using an AWS owned key.
+
+This AWS owned key is a KMS key that EventBridge owns and manages for use in multiple AWS accounts. In general, unless you are required to audit or control the encryption key that protects your resources, an AWS owned key is a good choice. 
+
+This is the default.
+
+     * Choose **Use customer managed key** for EventBridge to encrypt the secret using the customer managed key that you specify or create.
+
+Customer managed keys are KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys.
+
+       1. Specify an existing customer managed key, or choose **Create a new KMS key**.
+
+EventBridge displays the key status and any key aliases that have been associated with the specified customer managed key.
+
+  2. Choose **Create Connection**.