AWS amazonq documentation change
Summary
Clarified behavior when changing KMS keys for encrypting conversations, emphasizing that previous conversations encrypted with old keys won't be retained
Security assessment
The change provides clearer documentation about encryption key rotation practices but does not indicate any security vulnerability being addressed. It reinforces proper security practices for data retention during key changes.
Diff
diff --git a/amazonq/latest/qdeveloper-ug/data-encryption.md b/amazonq/latest/qdeveloper-ug/data-encryption.md index 330fca9b9..b2c748072 100644 --- a//amazonq/latest/qdeveloper-ug/data-encryption.md +++ b//amazonq/latest/qdeveloper-ug/data-encryption.md @@ -38 +38 @@ When you use a customer managed key, Amazon Q Developer makes use of KMS grants, -If you change the KMS key used to encrypt chats with Amazon Q in the AWS console, you must start a new conversation to begin using the new key to encrypt your data. Your conversation history that was encrypted with the previous key won’t be retained in future chats, and only future chats will be encrypted with the updated key. If you want to maintain your conversation history from a previous encryption method, you can revert to the key you were using during that conversation. If you change the KMS key used to encrypt diagnosing console error sessions, you must start a new diagnose session to being using the new key to encrypt your data. +If you change the KMS key used to encrypt chats with Amazon Q in the AWS console, you must start a new conversation to begin using the new key to encrypt your data. Any conversations that were encrypted with the previous key won’t be retained, and only future conversations will be encrypted with the updated key. If you want to maintain your conversations from a previous encryption method, you can revert to the key you were using during those conversations. If you change the KMS key used to encrypt diagnosing console error sessions, you must start a new diagnose session to being using the new key to encrypt your data.