AWS kms documentation change
Summary
Updated CloudTrail log example with new eventVersion, added keyMaterialId, managementEvent flag, eventCategory, and TLS connection details
Security assessment
Added TLSv1.3 cipher suite documentation improves transparency about secure communication standards but does not indicate a vulnerability fix. The keyMaterialId addition enhances audit trail capabilities.
Diff
diff --git a/kms/latest/developerguide/ct-encrypt.md b/kms/latest/developerguide/ct-encrypt.md index 0ae4ad2a2..b28fce34a 100644 --- a//kms/latest/developerguide/ct-encrypt.md +++ b//kms/latest/developerguide/ct-encrypt.md @@ -11 +11 @@ The following example shows an AWS CloudTrail log entry for the [Encrypt](https: - "eventVersion": "1.02", + "eventVersion": "1.11", @@ -20 +20 @@ The following example shows an AWS CloudTrail log entry for the [Encrypt](https: - "eventTime": "2022-07-14T20:17:42Z", + "eventTime": "2025-05-20T20:46:16Z", @@ -33,0 +34,3 @@ The following example shows an AWS CloudTrail log entry for the [Encrypt](https: + "additionalEventData": { + "keyMaterialId": "123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0" + }, @@ -41,0 +45 @@ The following example shows an AWS CloudTrail log entry for the [Encrypt](https: + "managementEvent": true, @@ -42,0 +47,6 @@ The following example shows an AWS CloudTrail log entry for the [Encrypt](https: + "eventCategory": "Management", + "tlsDetails": { + "tlsVersion": "TLSv1.3", + "cipherSuite": "TLS_AES_256_GCM_SHA384", + "clientProvidedHostHeader": "kms.us-east-1.amazonaws.com" + }