AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-06-22 · Documentation low

File: AmazonS3/latest/userguide/specifying-dsse-encryption.md

Summary

Corrected AWS CLI command syntax for encrypting objects with DSSE-KMS.

Security assessment

The fix ensures proper usage of DSSE-KMS encryption via the CLI, which is a security feature. However, it does not address a disclosed security issue.

Diff

diff --git a/AmazonS3/latest/userguide/specifying-dsse-encryption.md b/AmazonS3/latest/userguide/specifying-dsse-encryption.md
index 0791fe66a..0a5ef48b7 100644
--- a//AmazonS3/latest/userguide/specifying-dsse-encryption.md
+++ b//AmazonS3/latest/userguide/specifying-dsse-encryption.md
@@ -176 +176 @@ You can encrypt an unencrypted object to use DSSE-KMS by copying the object back
-    aws s3api copy-object --bucket amzn-s3-demo-bucket --key example-object-key --body filepath --bucket amzn-s3-demo-bucket --key example-object-key --sse aws:kms:dsse --sse-kms-key-id example-key-id --body filepath
+    aws s3api copy-object --bucket amzn-s3-demo-bucket --key example-object-key --copy-source amzn-s3-demo-bucket/example-object-key --server-side-encryption aws:kms:dsse --ssekms-key-id example-key-id