AWS systems-manager high security documentation change
Summary
Added KMS key tagging requirement for Session Manager encryption
Security assessment
Mandatory KMS key tagging enhances encryption key management, ensuring keys used for session encryption are properly controlled and monitored. This addresses potential key misuse risks.
Diff
diff --git a/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-session-preferences.md b/systems-manager/latest/userguide/systems-manager-just-in-time-node-access-session-preferences.md index 3c9940a46..a66892c41 100644 --- a//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-session-preferences.md +++ b//systems-manager/latest/userguide/systems-manager-just-in-time-node-access-session-preferences.md @@ -12,0 +13,6 @@ Systems Manager doesn't automatically terminate just-in-time node access session +###### Important + +You must tag the AWS KMS keys used for Session Manager encryption and RDP recording in just-in-time node access with the tag key `SystemsManagerJustInTimeNodeAccessManaged` and tag value `true`. + +For information about tagging KMS keys, see [Tags in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html) in the _AWS Key Management Service Developer Guide_. +