AWS kms documentation change
Summary
Modified CloudTrail example with eventVersion update, added keyMaterialId, removed errorCode, and TLS details
Security assessment
Removal of errorCode appears unrelated to security. TLS documentation improvements enhance security transparency without addressing vulnerabilities.
Diff
diff --git a/kms/latest/developerguide/ct-generatedatakeyplaintext.md b/kms/latest/developerguide/ct-generatedatakeyplaintext.md index 0ba7841de..19cf43461 100644 --- a//kms/latest/developerguide/ct-generatedatakeyplaintext.md +++ b//kms/latest/developerguide/ct-generatedatakeyplaintext.md @@ -11 +11 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey - "eventVersion": "1.02", + "eventVersion": "1.11", @@ -20 +20 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey - "eventTime": "2014-11-04T00:52:23Z", + "eventTime": "2025-05-20T20:46:16Z", @@ -26 +25,0 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey - "errorCode": "InvalidKeyUsageException", @@ -34,0 +34,3 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey + "additionalEventData": { + "keyMaterialId": "123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0" + }, @@ -42,0 +45 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey + "managementEvent": true, @@ -43,0 +47,6 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey + "eventCategory": "Management", + "tlsDetails": { + "tlsVersion": "TLSv1.3", + "cipherSuite": "TLS_AES_256_GCM_SHA384", + "clientProvidedHostHeader": "kms.us-east-1.amazonaws.com" + }