AWS ses documentation change
Summary
Updated S3 documentation links from 'dev' to 'userguide' path references
Security assessment
The changes correct documentation URLs but do not alter security guidance. The existing security context about KMS key usage remains unchanged.
Diff
diff --git a/ses/latest/dg/receiving-email-action-s3.md b/ses/latest/dg/receiving-email-action-s3.md index a8765e434..0e2f2e4b4 100644 --- a//ses/latest/dg/receiving-email-action-s3.md +++ b//ses/latest/dg/receiving-email-action-s3.md @@ -19 +19 @@ The **Deliver to S3 bucket** action delivers the mail to an S3 bucket and can op - * If applying encryption on your S3 bucket by specifying your own KMS key, be sure to use the fully qualified KMS key ARN, and not the KMS key alias; using the alias can result in data encrypted with a KMS key that belongs to the requester, and not the bucket administrator. See [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/bucket-encryption.html#bucket-encryption-update-bucket-policy). + * If applying encryption on your S3 bucket by specifying your own KMS key, be sure to use the fully qualified KMS key ARN, and not the KMS key alias; using the alias can result in data encrypted with a KMS key that belongs to the requester, and not the bucket administrator. See [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html#bucket-encryption-update-bucket-policy). @@ -39 +39 @@ For more information about using KMS with SES, see the [AWS Key Management Servi -Your mail is encrypted by SES using the S3 encryption client before the mail is submitted to S3 for storage. It is not encrypted using S3 server-side encryption. This means that you must use the S3 encryption client to decrypt the email after retrieving it from S3, as the service has no access to use your KMS keys for decryption. This encryption client is available in the [AWS SDK for Java](https://aws.amazon.com/sdk-for-java/) and the [AWS SDK for Ruby](https://aws.amazon.com/sdk-for-ruby/). For more information, see the [Amazon Simple Storage Service User Guide](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html). +Your mail is encrypted by SES using the S3 encryption client before the mail is submitted to S3 for storage. It is not encrypted using S3 server-side encryption. This means that you must use the S3 encryption client to decrypt the email after retrieving it from S3, as the service has no access to use your KMS keys for decryption. This encryption client is available in the [AWS SDK for Java](https://aws.amazon.com/sdk-for-java/) and the [AWS SDK for Ruby](https://aws.amazon.com/sdk-for-ruby/). For more information, see the [Amazon Simple Storage Service User Guide](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingClientSideEncryption.html).