AWS aws-backup documentation change
Summary
Clarified that cross-account backup copies use the target vault's KMS key for encryption
Security assessment
Enhances documentation about encryption practices by specifying KMS key ownership in cross-account scenarios, which is security-relevant but doesn't address a specific vulnerability.
Diff
diff --git a/aws-backup/latest/devguide/encryption.md b/aws-backup/latest/devguide/encryption.md index 075560b5b..cd41ce88c 100644 --- a//aws-backup/latest/devguide/encryption.md +++ b//aws-backup/latest/devguide/encryption.md @@ -46 +46 @@ SAP HANA databases on Amazon EC2 instances | SAP HANA database backups are alway -When you copy your backups across accounts or Regions, AWS Backup automatically encrypts those copies for most resource types, even if the original backup is unencrypted. +When you copy your backups across accounts or Regions, AWS Backup automatically encrypts those copies for most resource types, even if the original backup is unencrypted. AWS Backup encrypts the copy using the KMS key of the target vault.