AWS Security ChangesHomeSearch

AWS redshift documentation change

Service: redshift · 2025-05-03 · Documentation medium

File: redshift/latest/dg/r_COPY.md

Summary

Added deprecation notice for client-side encryption in COPY/UNLOAD commands, recommending migration to server-side encryption by 2026

Security assessment

The change phases out client-side encryption but does not indicate an active vulnerability. It updates security guidance by deprecating a less preferred encryption method in favor of server-side encryption, which is a security best practice improvement.

Diff

diff --git a/redshift/latest/dg/r_COPY.md b/redshift/latest/dg/r_COPY.md
index 9628881ea..7d1956f99 100644
--- a//redshift/latest/dg/r_COPY.md
+++ b//redshift/latest/dg/r_COPY.md
@@ -8,0 +9,3 @@ Required permissions for COPYCOPY syntaxRequired parametersOptional parametersUs
+_**Client-side encryption for COPY and UNLOAD commands will no longer be open to new customers starting April 30, 2025. If you used client-side encryption with COPY and UNLOAD commands in the 12 months before April 30, 2025, you can continue to use client side encryption with COPY or UNLOAD commands until April 30, 2026. After April 30, 2026, you won't be able to use client-side encryption for COPY and UNLOAD. We recommend that you switch to using server-side encryption for COPY and UNLOAD as soon as possible. If you're already using server-side encryption for COPY and UNLOAD, there's no change and you can continue to use it without altering your queries. For more information on encryption for COPY and UNLOAD, see the ENCRYPTED parameter below.**_  
+---  
+