AWS Security ChangesHomeSearch

AWS dms documentation change

Service: dms · 2025-04-23 · Documentation low

File: dms/latest/userguide/CHAP_Target.Kafka.md

Summary

Clarified that Kafka's PLAIN mechanism is not supported by Amazon MSK

Security assessment

The change clarifies authentication mechanism support boundaries but does not address a vulnerability. It enhances documentation about security-related authentication methods without indicating a security fix.

Diff

diff --git a/dms/latest/userguide/CHAP_Target.Kafka.md b/dms/latest/userguide/CHAP_Target.Kafka.md
index fea1e2129..b3e53d092 100644
--- a//dms/latest/userguide/CHAP_Target.Kafka.md
+++ b//dms/latest/userguide/CHAP_Target.Kafka.md
@@ -335 +335 @@ Then, when you create your Kafka target endpoint, set the security protocol endp
-  * For SASL-SSL authentication, AWS DMS supports the SCRAM-SHA-512 mechanism by default. AWS DMS versions 3.5.0 and higher also support the Plain mechanism. To support the Plain mechanism, set the `SaslMechanism` parameter of the `KafkaSettings` API data type to `PLAIN`.
+  * For SASL-SSL authentication, AWS DMS supports the SCRAM-SHA-512 mechanism by default. AWS DMS versions 3.5.0 and higher also support the Plain mechanism. To support the Plain mechanism, set the `SaslMechanism` parameter of the `KafkaSettings` API data type to `PLAIN`. The datatype `PLAIN` is supported by Kafka, but not supported by Amazon Kafka (MSK).