AWS kms medium security documentation change
Summary
Clarified firewall requirement specifies IPv4 communication on port 443
Security assessment
Explicitly specifying IPv4 prevents potential firewall misconfigurations that might allow unintended IPv6 traffic, improving network security controls
Diff
diff --git a/kms/latest/developerguide/choose-xks-connectivity.md b/kms/latest/developerguide/choose-xks-connectivity.md index 948ffcf90..1026b65ce 100644 --- a//kms/latest/developerguide/choose-xks-connectivity.md +++ b//kms/latest/developerguide/choose-xks-connectivity.md @@ -43 +43 @@ The subject common name (CN) on the TLS certificate must match the domain name i - * Ensure that any firewalls between AWS KMS and the external key store proxy allow traffic to and from port 443 on the proxy. AWS KMS communicates on port 443. This value is not configurable. + * Ensure that any firewalls between AWS KMS and the external key store proxy allow traffic to and from port 443 on the proxy. AWS KMS communicates on port 443 over IPv4. This value is not configurable.