AWS Security ChangesHomeSearch

AWS connect documentation change

Service: connect · 2025-06-22 · Documentation medium

File: connect/latest/adminguide/enable-live-media-streams.md

Summary

Updated KMS key requirements to explicitly allow AWS managed key for Kinesis Video Streams (aws/kinesisvideo) and prohibit other service-specific AWS managed keys

Security assessment

Clarifies encryption key selection requirements to prevent misconfiguration. While encryption is security-related, there's no evidence this addresses a specific vulnerability. The change improves security documentation by specifying allowed keys.

Diff

diff --git a/connect/latest/adminguide/enable-live-media-streams.md b/connect/latest/adminguide/enable-live-media-streams.md
index 8bb04292e..2f8f891b0 100644
--- a//connect/latest/adminguide/enable-live-media-streams.md
+++ b//connect/latest/adminguide/enable-live-media-streams.md
@@ -29 +29,9 @@ When you choose to enter your own key, make note of the following restrictions:
-    2. The KMS key should not be the same as `aws/connect` key listed in your KMS console.
+    2. The KMS key should be either: 
+
+       * A customer managed key
+
+OR
+
+       * The AWS managed key for Kinesis Video Streams (aws/kinesisvideo). 
+
+It should not be any of the AWS managed keys automatically created for other services (for example, aws/connect, aws/lambda, aws/kinesis).