AWS kms documentation change
Summary
Minor typo correction: changed 're-import' to 'reimport' in a sentence about imported key material.
Security assessment
The change is a grammatical correction with no impact on security content. No security-related context or vulnerability is addressed.
Diff
diff --git a/kms/latest/developerguide/key-store-overview.md b/kms/latest/developerguide/key-store-overview.md index 21a9872c6..8afa09087 100644 --- a//kms/latest/developerguide/key-store-overview.md +++ b//kms/latest/developerguide/key-store-overview.md @@ -23 +23 @@ Instead of asking AWS KMS to both generate and store the only copies of a given -Imported key material may be useful if you have specific requirements around the system that generates keys, or want a copy of your key outside of AWS as a backup. Note that you are responsible for an imported key material's overall availability and durability. While AWS KMS has a copy of your imported key and will keep highly available while you need it, imported keys offer a special API for deletion – DeleteImportedKeyMaterial. This API will immediately delete all copies of the imported key material that AWS KMS has, with no option for AWS to recover the key. In addition, you can set an expiration time on an imported key, after which the key will be unusable. To make the key useful again in AWS KMS, you will have to re-import the key material and assign it to the same keyId. This deletion action for imported keys is different than standard keys that AWS KMS generates and stored for you on your behalf. In the standard case, the key deletion process has a mandatory waiting period where a key scheduled for deletion is first blocked from usage. This action allows you to see access denied errors in logs from any application or AWS service that might need that key to access data. If you see such access requests, you can choose to cancel the scheduled deletion and re-enable the key. After a configurable waiting period (between 7 and 30 days), only then will KMS actually delete the key material, the keyID and all metadata associated with the key. For more information about availability and durability, see [Protecting imported key material](./import-keys-protect.html) in the _AWS KMS Developer Guide_. +Imported key material may be useful if you have specific requirements around the system that generates keys, or want a copy of your key outside of AWS as a backup. Note that you are responsible for an imported key material's overall availability and durability. While AWS KMS has a copy of your imported key and will keep highly available while you need it, imported keys offer a special API for deletion – DeleteImportedKeyMaterial. This API will immediately delete all copies of the imported key material that AWS KMS has, with no option for AWS to recover the key. In addition, you can set an expiration time on an imported key, after which the key will be unusable. To make the key useful again in AWS KMS, you will have to reimport the key material and assign it to the same keyId. This deletion action for imported keys is different than standard keys that AWS KMS generates and stored for you on your behalf. In the standard case, the key deletion process has a mandatory waiting period where a key scheduled for deletion is first blocked from usage. This action allows you to see access denied errors in logs from any application or AWS service that might need that key to access data. If you see such access requests, you can choose to cancel the scheduled deletion and re-enable the key. After a configurable waiting period (between 7 and 30 days), only then will KMS actually delete the key material, the keyID and all metadata associated with the key. For more information about availability and durability, see [Protecting imported key material](./import-keys-protect.html) in the _AWS KMS Developer Guide_.