AWS redshift documentation change
Summary
Added deprecation notice for client-side encryption in COPY/UNLOAD commands, recommending migration to server-side encryption by 2026
Security assessment
The change phases out client-side encryption but does not indicate an active vulnerability. It updates security guidance by deprecating a less preferred encryption method in favor of server-side encryption, which is a security best practice improvement.
Diff
diff --git a/redshift/latest/dg/r_COPY.md b/redshift/latest/dg/r_COPY.md index 9628881ea..7d1956f99 100644 --- a//redshift/latest/dg/r_COPY.md +++ b//redshift/latest/dg/r_COPY.md @@ -8,0 +9,3 @@ Required permissions for COPYCOPY syntaxRequired parametersOptional parametersUs +_**Client-side encryption for COPY and UNLOAD commands will no longer be open to new customers starting April 30, 2025. If you used client-side encryption with COPY and UNLOAD commands in the 12 months before April 30, 2025, you can continue to use client side encryption with COPY or UNLOAD commands until April 30, 2026. After April 30, 2026, you won't be able to use client-side encryption for COPY and UNLOAD. We recommend that you switch to using server-side encryption for COPY and UNLOAD as soon as possible. If you're already using server-side encryption for COPY and UNLOAD, there's no change and you can continue to use it without altering your queries. For more information on encryption for COPY and UNLOAD, see the ENCRYPTED parameter below.**_ +--- +