AWS Security ChangesHomeSearch

AWS ebs documentation change

Service: ebs · 2025-05-16 · Documentation low

File: ebs/latest/userguide/encryption-by-default.md

Summary

Updated CLI/PowerShell command syntax, added API links, and minor wording changes (e.g., 'cannot' to 'can't'). Removed shell prompts ($, PS C:\>) from code examples.

Security assessment

Changes improve documentation clarity for encryption-by-default configuration but do not address a specific security vulnerability. The added API links and command examples enhance guidance for managing encryption (a security feature), but there's no evidence of a patched issue.

Diff

diff --git a/ebs/latest/userguide/encryption-by-default.md b/ebs/latest/userguide/encryption-by-default.md
index 23ca1273c..fff6e2818 100644
--- a//ebs/latest/userguide/encryption-by-default.md
+++ b//ebs/latest/userguide/encryption-by-default.md
@@ -24 +24 @@ Encryption by default has no effect on existing EBS volumes or snapshots.
-Amazon EC2 console
+Console
@@ -50,0 +51,2 @@ AWS CLI
+Use the [get-ebs-encryption-by-default](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/get-ebs-encryption-by-default.html) command.
+
@@ -53 +55 @@ AWS CLI
-        $ aws ec2 get-ebs-encryption-by-default --region region
+        aws ec2 get-ebs-encryption-by-default --region region
@@ -57 +59 @@ AWS CLI
-        $ echo -e "Region      \t Encrypt \t Key"; \
+        echo -e "Region      \t Encrypt \t Key"; \
@@ -70,0 +73,2 @@ AWS CLI
+Use the [enable-ebs-encryption-by-default](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/enable-ebs-encryption-by-default.html) command.
+
@@ -73 +77 @@ AWS CLI
-        $ aws ec2 enable-ebs-encryption-by-default --region region
+        aws ec2 enable-ebs-encryption-by-default --region region
@@ -77 +81 @@ AWS CLI
-        $ echo -e "Region      \t Encrypt \t Key"; \
+        echo -e "Region      \t Encrypt \t Key"; \
@@ -90,0 +95,2 @@ AWS CLI
+Use the [disable-ebs-encryption-by-default](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/disable-ebs-encryption-by-default.html) command.
+
@@ -93 +99 @@ AWS CLI
-        $ aws ec2 disable-ebs-encryption-by-default --region region
+        aws ec2 disable-ebs-encryption-by-default --region region
@@ -97 +103 @@ AWS CLI
-        $ echo -e "Region      \t Encrypt \t Key"; \
+        echo -e "Region      \t Encrypt \t Key"; \
@@ -113,0 +120,2 @@ PowerShell
+Use the [Get-EC2EbsEncryptionByDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-EC2EbsEncryptionByDefault.html) cmdlet.
+
@@ -116 +124 @@ PowerShell
-        PS C:\> Get-EC2EbsEncryptionByDefault -Region region
+        Get-EC2EbsEncryptionByDefault -Region region
@@ -120 +128 @@ PowerShell
-        PS C:\> (Get-EC2Region).RegionName |`
+        (Get-EC2Region).RegionName |`
@@ -133,0 +142,2 @@ PowerShell
+Use the [Enable-EC2EbsEncryptionByDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Enable-EC2EbsEncryptionByDefault.html) cmdlet.
+
@@ -136 +146 @@ PowerShell
-        PS C:\> Enable-EC2EbsEncryptionByDefault -Region region
+        Enable-EC2EbsEncryptionByDefault -Region region
@@ -140 +150 @@ PowerShell
-        PS C:\> (Get-EC2Region).RegionName |`
+        (Get-EC2Region).RegionName |`
@@ -153,0 +164,2 @@ PowerShell
+Use the [Disable-EC2EbsEncryptionByDefault](https://docs.aws.amazon.com/powershell/latest/reference/items/Disable-EC2EbsEncryptionByDefault.html) cmdlet.
+
@@ -156 +168 @@ PowerShell
-        PS C:\> Disable-EC2EbsEncryptionByDefault -Region region
+        Disable-EC2EbsEncryptionByDefault -Region region
@@ -160 +172 @@ PowerShell
-        PS C:\> (Get-EC2Region).RegionName |`
+        (Get-EC2Region).RegionName |`
@@ -172 +184 @@ PowerShell
-You cannot change the KMS key that is associated with an existing snapshot or encrypted volume. However, you can associate a different KMS key during a snapshot copy operation so that the resulting copied snapshot is encrypted by the new KMS key.
+You can't change the KMS key that is associated with an existing snapshot or encrypted volume. However, you can associate a different KMS key during a snapshot copy operation so that the resulting copied snapshot is encrypted by the new KMS key.