AWS Security ChangesHomeSearch

AWS dms documentation change

Service: dms · 2025-06-07 · Documentation medium

File: dms/latest/userguide/set-up.md

Summary

Added note restricting DMS Schema Conversion to only work with S3 buckets using SSE-S3 encryption

Security assessment

Explicitly documents encryption requirements for secure data storage during migrations. While security-related, this is preventive guidance rather than addressing a known vulnerability.

Diff

diff --git a/dms/latest/userguide/set-up.md b/dms/latest/userguide/set-up.md
index 4a3f2c47a..b60e494cf 100644
--- a//dms/latest/userguide/set-up.md
+++ b//dms/latest/userguide/set-up.md
@@ -85,0 +86,4 @@ To store information from your migration project, create an Amazon S3 bucket. DM
+###### Note
+
+DMS Schema Conversion (SC) works only with S3 buckets that use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3). Other encryption configurations, including Server-Side Encryption with AWS KMS (SSE-KMS), Customer-Provided Keys (SSE-C), or Client-Side Encryption, are not currently supported by SC and prevents it from accessing the S3 bucket. If using a different encryption method, you must create a separate S3 bucket with SSE-S3 for use with DMS Schema Conversion.
+