AWS AmazonS3 documentation change
Summary
Corrected AWS CLI command syntax for encrypting objects with DSSE-KMS.
Security assessment
The fix ensures proper usage of DSSE-KMS encryption via the CLI, which is a security feature. However, it does not address a disclosed security issue.
Diff
diff --git a/AmazonS3/latest/userguide/specifying-dsse-encryption.md b/AmazonS3/latest/userguide/specifying-dsse-encryption.md index 0791fe66a..0a5ef48b7 100644 --- a//AmazonS3/latest/userguide/specifying-dsse-encryption.md +++ b//AmazonS3/latest/userguide/specifying-dsse-encryption.md @@ -176 +176 @@ You can encrypt an unencrypted object to use DSSE-KMS by copying the object back - aws s3api copy-object --bucket amzn-s3-demo-bucket --key example-object-key --body filepath --bucket amzn-s3-demo-bucket --key example-object-key --sse aws:kms:dsse --sse-kms-key-id example-key-id --body filepath + aws s3api copy-object --bucket amzn-s3-demo-bucket --key example-object-key --copy-source amzn-s3-demo-bucket/example-object-key --server-side-encryption aws:kms:dsse --ssekms-key-id example-key-id