AWS Security ChangesHomeSearch

AWS awscloudtrail documentation change

Service: awscloudtrail · 2025-05-28 · Documentation low

File: awscloudtrail/latest/userguide/granting-kms-permissions.md

Summary

Updated UI navigation steps for attaching KMS policy and expanded encryption scope documentation

Security assessment

Changes describe UI workflow updates and expanded encryption coverage to include digest files/event data stores, but do not address specific vulnerabilities or weaknesses

Diff

diff --git a/awscloudtrail/latest/userguide/granting-kms-permissions.md b/awscloudtrail/latest/userguide/granting-kms-permissions.md
index 16c29d4a2..6f8cc9e79 100644
--- a//awscloudtrail/latest/userguide/granting-kms-permissions.md
+++ b//awscloudtrail/latest/userguide/granting-kms-permissions.md
@@ -15 +15 @@ You can grant users permission to create an AWS KMS key with the [`AWSKeyManagem
-  3. Choose **Permissions** , and then choose **Attach Policy**. 
+  3. Choose the **Permissions** tab.
@@ -17 +17,3 @@ You can grant users permission to create an AWS KMS key with the [`AWSKeyManagem
-  4. Search for **AWSKeyManagementServicePowerUser** , choose the policy, and then choose **Attach policy**. 
+  4. From the **Add permissions** list, choose **Attach policies**. 
+
+  5. Search for **AWSKeyManagementServicePowerUser** , choose the policy, and then choose **Attach policies**. 
@@ -30 +32 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Encrypting CloudTrail log files with AWS KMS keys (SSE-KMS)
+Encrypting CloudTrail log files, digest files, and event data stores with AWS KMS keys (SSE-KMS)