AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2025-06-07 · Documentation low

File: kms/latest/developerguide/ct-reencrypt.md

Summary

Updated CloudTrail log example for ReEncrypt operation with new eventVersion (1.11), added key material IDs in additionalEventData, managementEvent flag, TLS details, and future timestamp

Security assessment

Added TLS version/cipher suite documentation improves transparency about secure connections. Tracking key material IDs enhances audit capabilities. However, no evidence of addressing a specific vulnerability.

Diff

diff --git a/kms/latest/developerguide/ct-reencrypt.md b/kms/latest/developerguide/ct-reencrypt.md
index 1669087a7..e0934c18d 100644
--- a//kms/latest/developerguide/ct-reencrypt.md
+++ b//kms/latest/developerguide/ct-reencrypt.md
@@ -11 +11 @@ The following example shows an AWS CloudTrail log entry for the [ReEncrypt](http
-        "eventVersion": "1.05",
+        "eventVersion": "1.11",
@@ -20 +20 @@ The following example shows an AWS CloudTrail log entry for the [ReEncrypt](http
-        "eventTime": "2020-07-27T23:09:13Z",
+        "eventTime": "2025-05-22T19:34:55Z",
@@ -38,0 +39,4 @@ The following example shows an AWS CloudTrail log entry for the [ReEncrypt](http
+        "additionalEventData": {
+            "destinationKeyMaterialId": "96083e4fb6dbc41d77578a213a6b6669c044dd4c143e96755396d2bf11fd6068",
+            "sourceKeyMaterialId": "123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0"
+        },
@@ -54,0 +59 @@ The following example shows an AWS CloudTrail log entry for the [ReEncrypt](http
+        "managementEvent": true,
@@ -55,0 +61,6 @@ The following example shows an AWS CloudTrail log entry for the [ReEncrypt](http
+        "eventCategory": "Management",
+        "tlsDetails": {
+            "tlsVersion": "TLSv1.3",
+            "cipherSuite": "TLS_AES_256_GCM_SHA384",
+            "clientProvidedHostHeader": "kms.us-west-2.amazonaws.com"
+        }