AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2025-06-19 · Documentation low

File: kms/latest/developerguide/create-cmk-keystore.md

Summary

Added note about IPv6 incompatibility with CloudHSM key stores

Security assessment

Documents a technical limitation rather than addressing a security vulnerability or adding security features

Diff

diff --git a/kms/latest/developerguide/create-cmk-keystore.md b/kms/latest/developerguide/create-cmk-keystore.md
index eb2431cee..fb38b36c8 100644
--- a//kms/latest/developerguide/create-cmk-keystore.md
+++ b//kms/latest/developerguide/create-cmk-keystore.md
@@ -9 +9 @@ Create a new KMS key in your CloudHSM key store
-After you have created an AWS CloudHSM key store, you can create AWS KMS keys in your key store. They must be [symmetric encryption KMS keys](./symm-asymm-choose-key-spec.html#symmetric-cmks) with key material that AWS KMS generates. You cannot create [asymmetric KMS keys](./symmetric-asymmetric.html), [HMAC KMS keys](./hmac.html) or KMS keys with [imported key material](./importing-keys.html) in a custom key store. Also, you cannot use symmetric encryption KMS keys in a custom key store to generate asymmetric data key pairs.
+After you have created an AWS CloudHSM key store, you can create AWS KMS keys in your key store. They must be [symmetric encryption KMS keys](./symm-asymm-choose-key-spec.html#symmetric-cmks) with key material that AWS KMS generates. You cannot create [asymmetric KMS keys](./symmetric-asymmetric.html), [HMAC KMS keys](./hmac.html) or KMS keys with [imported key material](./importing-keys.html) in a custom key store. Also, you cannot use symmetric encryption KMS keys in a custom key store to generate asymmetric data key pairs. KMS cannot communicate over IPv6 with AWS CloudHSM key stores.