AWS Security ChangesHomeSearch

AWS lake-formation documentation change

Service: lake-formation · 2025-06-04 · Documentation low

File: lake-formation/latest/dg/register-encrypted.md

Summary

Added guidance about using KMS key aliases instead of key IDs

Security assessment

Promotes security best practices for key management by recommending alias usage, but doesn't address a specific security vulnerability.

Diff

diff --git a/lake-formation/latest/dg/register-encrypted.md b/lake-formation/latest/dg/register-encrypted.md
index f84115a24..0416580a0 100644
--- a//lake-formation/latest/dg/register-encrypted.md
+++ b//lake-formation/latest/dg/register-encrypted.md
@@ -124,0 +125,4 @@ If the Amazon S3 location is not in the same AWS account as the Data Catalog, fo
+You can use KMS key aliases instead of the key ID - `arn:aws:kms:region:account-id:key/alias/your-key-alias`
+
+For more information, see [Aliases in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) section in the AWS Key Management Service Developer Guide.
+