AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2025-06-07 · Documentation medium

File: kms/latest/developerguide/ct-generatedatakey.md

Summary

Updated eventVersion, added keyMaterialId, managementEvent flag, eventCategory, and TLS details in CloudTrail example

Security assessment

Documentation of TLS 1.3 usage and key material tracking improves security visibility but shows no evidence of addressing a specific vulnerability.

Diff

diff --git a/kms/latest/developerguide/ct-generatedatakey.md b/kms/latest/developerguide/ct-generatedatakey.md
index 3f35c5f1f..f86c206aa 100644
--- a//kms/latest/developerguide/ct-generatedatakey.md
+++ b//kms/latest/developerguide/ct-generatedatakey.md
@@ -11 +11 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
-        "eventVersion": "1.02",
+        "eventVersion": "1.11",
@@ -20 +20 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
-        "eventTime": "2014-11-04T00:52:40Z",
+        "eventTime": "2025-05-20T20:46:16Z",
@@ -34,0 +35,3 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
+        "additionalEventData": {
+            "keyMaterialId": "123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0"
+        },
@@ -42,0 +46 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
+        "managementEvent": true,
@@ -43,0 +48,6 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
+        "eventCategory": "Management",
+        "tlsDetails": {
+            "tlsVersion": "TLSv1.3",
+            "cipherSuite": "TLS_AES_256_GCM_SHA384",
+            "clientProvidedHostHeader": "kms.us-east-1.amazonaws.com"
+        }