AWS kms documentation change
Summary
Added note about IPv6 incompatibility with CloudHSM key stores
Security assessment
Documents a technical limitation rather than addressing a security vulnerability or adding security features
Diff
diff --git a/kms/latest/developerguide/create-cmk-keystore.md b/kms/latest/developerguide/create-cmk-keystore.md index eb2431cee..fb38b36c8 100644 --- a//kms/latest/developerguide/create-cmk-keystore.md +++ b//kms/latest/developerguide/create-cmk-keystore.md @@ -9 +9 @@ Create a new KMS key in your CloudHSM key store -After you have created an AWS CloudHSM key store, you can create AWS KMS keys in your key store. They must be [symmetric encryption KMS keys](./symm-asymm-choose-key-spec.html#symmetric-cmks) with key material that AWS KMS generates. You cannot create [asymmetric KMS keys](./symmetric-asymmetric.html), [HMAC KMS keys](./hmac.html) or KMS keys with [imported key material](./importing-keys.html) in a custom key store. Also, you cannot use symmetric encryption KMS keys in a custom key store to generate asymmetric data key pairs. +After you have created an AWS CloudHSM key store, you can create AWS KMS keys in your key store. They must be [symmetric encryption KMS keys](./symm-asymm-choose-key-spec.html#symmetric-cmks) with key material that AWS KMS generates. You cannot create [asymmetric KMS keys](./symmetric-asymmetric.html), [HMAC KMS keys](./hmac.html) or KMS keys with [imported key material](./importing-keys.html) in a custom key store. Also, you cannot use symmetric encryption KMS keys in a custom key store to generate asymmetric data key pairs. KMS cannot communicate over IPv6 with AWS CloudHSM key stores.