AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2025-06-07 · Documentation medium

File: kms/latest/developerguide/ct-generatedatakeyplaintext.md

Summary

Modified CloudTrail example with eventVersion update, added keyMaterialId, removed errorCode, and TLS details

Security assessment

Removal of errorCode appears unrelated to security. TLS documentation improvements enhance security transparency without addressing vulnerabilities.

Diff

diff --git a/kms/latest/developerguide/ct-generatedatakeyplaintext.md b/kms/latest/developerguide/ct-generatedatakeyplaintext.md
index 0ba7841de..19cf43461 100644
--- a//kms/latest/developerguide/ct-generatedatakeyplaintext.md
+++ b//kms/latest/developerguide/ct-generatedatakeyplaintext.md
@@ -11 +11 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
-        "eventVersion": "1.02",
+        "eventVersion": "1.11",
@@ -20 +20 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
-        "eventTime": "2014-11-04T00:52:23Z",
+        "eventTime": "2025-05-20T20:46:16Z",
@@ -26 +25,0 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
-        "errorCode": "InvalidKeyUsageException",
@@ -34,0 +34,3 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
+        "additionalEventData": {
+            "keyMaterialId": "123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0"
+        },
@@ -42,0 +45 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
+        "managementEvent": true,
@@ -43,0 +47,6 @@ The following example shows an AWS CloudTrail log entry for the [GenerateDataKey
+        "eventCategory": "Management",
+        "tlsDetails": {
+            "tlsVersion": "TLSv1.3",
+            "cipherSuite": "TLS_AES_256_GCM_SHA384",
+            "clientProvidedHostHeader": "kms.us-east-1.amazonaws.com"
+        }