AWS Security ChangesHomeSearch

AWS aws-backup documentation change

Service: aws-backup · 2025-05-16 · Documentation medium

File: aws-backup/latest/devguide/encryption.md

Summary

Clarified that cross-account backup copies use the target vault's KMS key for encryption

Security assessment

Enhances documentation about encryption practices by specifying KMS key ownership in cross-account scenarios, which is security-relevant but doesn't address a specific vulnerability.

Diff

diff --git a/aws-backup/latest/devguide/encryption.md b/aws-backup/latest/devguide/encryption.md
index 075560b5b..cd41ce88c 100644
--- a//aws-backup/latest/devguide/encryption.md
+++ b//aws-backup/latest/devguide/encryption.md
@@ -46 +46 @@ SAP HANA databases on Amazon EC2 instances | SAP HANA database backups are alway
-When you copy your backups across accounts or Regions, AWS Backup automatically encrypts those copies for most resource types, even if the original backup is unencrypted.
+When you copy your backups across accounts or Regions, AWS Backup automatically encrypts those copies for most resource types, even if the original backup is unencrypted. AWS Backup encrypts the copy using the KMS key of the target vault.