AWS lake-formation documentation change
Summary
Added guidance about using KMS key aliases instead of key IDs
Security assessment
Promotes security best practices for key management by recommending alias usage, but doesn't address a specific security vulnerability.
Diff
diff --git a/lake-formation/latest/dg/register-encrypted.md b/lake-formation/latest/dg/register-encrypted.md index f84115a24..0416580a0 100644 --- a//lake-formation/latest/dg/register-encrypted.md +++ b//lake-formation/latest/dg/register-encrypted.md @@ -124,0 +125,4 @@ If the Amazon S3 location is not in the same AWS account as the Data Catalog, fo +You can use KMS key aliases instead of the key ID - `arn:aws:kms:region:account-id:key/alias/your-key-alias` + +For more information, see [Aliases in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) section in the AWS Key Management Service Developer Guide. +