AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2025-06-19 · Documentation low

File: kms/latest/developerguide/fix-keystore.md

Summary

Added clarification that KMS cannot communicate with AWS CloudHSM clusters over IPv6 and linked prerequisites documentation

Security assessment

The change highlights a network configuration constraint (IPv6 incompatibility) that could prevent misconfigurations leading to communication failures. While it addresses potential operational issues, there is no evidence of a specific security vulnerability being patched.

Diff

diff --git a/kms/latest/developerguide/fix-keystore.md b/kms/latest/developerguide/fix-keystore.md
index 78592053a..5a157f897 100644
--- a//kms/latest/developerguide/fix-keystore.md
+++ b//kms/latest/developerguide/fix-keystore.md
@@ -121 +121 @@ KMS cannot communicate with your CloudHSM cluster. This might be a transient net
-  * Although this is an HTTPS 400 error, it might result from transient network issues. To respond, begin by retrying the request. However, if it continues to fail, examine the configuration of your networking components. This error is most likely caused by the misconfiguration of a networking component, such as a firewall rule or VPC security group rule that is blocking outgoing traffic. 
+  * Although this is an HTTPS 400 error, it might result from transient network issues. To respond, begin by retrying the request. However, if it continues to fail, examine the configuration of your networking components. This error is most likely caused by the misconfiguration of a networking component, such as a firewall rule or VPC security group rule that is blocking outgoing traffic. For example, KMS cannot communicate with AWS CloudHSM clusters over IPv6. For details on prerequisites, see [Create an AWS CloudHSM key store](./create-keystore.html).