AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2025-06-07 · Documentation medium

File: kms/latest/developerguide/ct-encrypt.md

Summary

Updated CloudTrail log example with new eventVersion, added keyMaterialId, managementEvent flag, eventCategory, and TLS connection details

Security assessment

Added TLSv1.3 cipher suite documentation improves transparency about secure communication standards but does not indicate a vulnerability fix. The keyMaterialId addition enhances audit trail capabilities.

Diff

diff --git a/kms/latest/developerguide/ct-encrypt.md b/kms/latest/developerguide/ct-encrypt.md
index 0ae4ad2a2..b28fce34a 100644
--- a//kms/latest/developerguide/ct-encrypt.md
+++ b//kms/latest/developerguide/ct-encrypt.md
@@ -11 +11 @@ The following example shows an AWS CloudTrail log entry for the [Encrypt](https:
-        "eventVersion": "1.02",
+        "eventVersion": "1.11",
@@ -20 +20 @@ The following example shows an AWS CloudTrail log entry for the [Encrypt](https:
-        "eventTime": "2022-07-14T20:17:42Z",
+        "eventTime": "2025-05-20T20:46:16Z",
@@ -33,0 +34,3 @@ The following example shows an AWS CloudTrail log entry for the [Encrypt](https:
+        "additionalEventData": {
+            "keyMaterialId": "123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0"
+        },
@@ -41,0 +45 @@ The following example shows an AWS CloudTrail log entry for the [Encrypt](https:
+        "managementEvent": true,
@@ -42,0 +47,6 @@ The following example shows an AWS CloudTrail log entry for the [Encrypt](https:
+        "eventCategory": "Management",
+        "tlsDetails": {
+            "tlsVersion": "TLSv1.3",
+            "cipherSuite": "TLS_AES_256_GCM_SHA384",
+            "clientProvidedHostHeader": "kms.us-east-1.amazonaws.com"
+        }