AWS kms documentation change
Summary
Updated eventVersion, added keyMaterialId, managementEvent flag, eventCategory, and TLS details in CloudTrail example
Security assessment
Documentation of TLS 1.3 usage and key material tracking improves security visibility but shows no evidence of addressing a specific vulnerability.
Diff
diff --git a/kms/latest/developerguide/ct-generatedatakey.md b/kms/latest/developerguide/ct-generatedatakey.md index 3f35c5f1f..f86c206aa 100644 --- a//kms/latest/developerguide/ct-generatedatakey.md +++ b//kms/latest/developerguide/ct-generatedatakey.md @@ -11 +11 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey - "eventVersion": "1.02", + "eventVersion": "1.11", @@ -20 +20 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey - "eventTime": "2014-11-04T00:52:40Z", + "eventTime": "2025-05-20T20:46:16Z", @@ -34,0 +35,3 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey + "additionalEventData": { + "keyMaterialId": "123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0" + }, @@ -42,0 +46 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey + "managementEvent": true, @@ -43,0 +48,6 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey + "eventCategory": "Management", + "tlsDetails": { + "tlsVersion": "TLSv1.3", + "cipherSuite": "TLS_AES_256_GCM_SHA384", + "clientProvidedHostHeader": "kms.us-east-1.amazonaws.com" + }