AWS Security ChangesHomeSearch

AWS athena documentation change

Service: athena · 2025-06-16 · Documentation low

File: athena/latest/ug/encrypting-managed-results.md

Summary

Replaced all instances of 'CMK' with 'customer managed key' terminology for consistency and clarity

Security assessment

The changes standardize terminology around KMS key management but do not address vulnerabilities. The documentation continues to describe existing security controls for encryption of query results.

Diff

diff --git a/athena/latest/ug/encrypting-managed-results.md b/athena/latest/ug/encrypting-managed-results.md
index dbb8cc8a8..e4f70785c 100644
--- a//athena/latest/ug/encrypting-managed-results.md
+++ b//athena/latest/ug/encrypting-managed-results.md
@@ -5 +5 @@
-Encrypt using an AWS owned keyEncrypt using AWS KMS customer managed key (CMK)How Athena uses CMK to encrypt results
+Encrypt using an AWS owned keyEncrypt using AWS KMS customer managed keyHow Athena uses customer managed key to encrypt results
@@ -15 +15 @@ This is the default option when you use managed query results. This option indic
-## Encrypt using AWS KMS customer managed key (CMK)
+## Encrypt using AWS KMS customer managed key
@@ -17 +17 @@ This is the default option when you use managed query results. This option indic
-Customer managed keys (CMK) are the KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys, which includes establishing and maintaining their key policies, IAM policies and grants, enabling and disabling them, rotating their cryptographic material, adding tags, creating aliases that refer to them, and scheduling them for deletion. For more information, see [Customer managed keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk).
+Customer managed keys are the KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys, which includes establishing and maintaining their key policies, IAM policies and grants, enabling and disabling them, rotating their cryptographic material, adding tags, creating aliases that refer to them, and scheduling them for deletion. For more information, see [Customer managed keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk).
@@ -19 +19 @@ Customer managed keys (CMK) are the KMS keys in your AWS account that you create
-## How Athena uses CMK to encrypt results
+## How Athena uses customer managed key to encrypt results
@@ -21 +21 @@ Customer managed keys (CMK) are the KMS keys in your AWS account that you create
-When you specify a customer managed key (CMK), Athena uses it to encrypt the query results when stored in managed query results. The same key is used to decrypt the results when you call `GetQueryResults`. When you set the state of the CMK to disabled or schedule it for deletion, it prevents Athena and all users from encrypting or decrypting results with that key.
+When you specify a customer managed key, Athena uses it to encrypt the query results when stored in managed query results. The same key is used to decrypt the results when you call `GetQueryResults`. When you set the state of the customer managed key to disabled or schedule it for deletion, it prevents Athena and all users from encrypting or decrypting results with that key.
@@ -25 +25 @@ Athena uses envelope encryption and key hierarchy to encrypt data. Your AWS KMS
-Each result is encrypted using the CMK configured in the workgroup at the time of encryption. Switching the key to a different CMK or to an AWS owned key does not re-encrypt existing results with the new key. Deleting and disabling a particular CMK only affects decryption of the results that the key encrypted.
+Each result is encrypted using the customer managed key configured in the workgroup at the time of encryption. Switching the key to a different customer managed key or to an AWS owned key does not re-encrypt existing results with the new key. Deleting and disabling a particular customer managed key only affects decryption of the results that the key encrypted.