AWS connect documentation change
Summary
Updated KMS key requirements to explicitly allow AWS managed key for Kinesis Video Streams (aws/kinesisvideo) and prohibit other service-specific AWS managed keys
Security assessment
Clarifies encryption key selection requirements to prevent misconfiguration. While encryption is security-related, there's no evidence this addresses a specific vulnerability. The change improves security documentation by specifying allowed keys.
Diff
diff --git a/connect/latest/adminguide/enable-live-media-streams.md b/connect/latest/adminguide/enable-live-media-streams.md index 8bb04292e..2f8f891b0 100644 --- a//connect/latest/adminguide/enable-live-media-streams.md +++ b//connect/latest/adminguide/enable-live-media-streams.md @@ -29 +29,9 @@ When you choose to enter your own key, make note of the following restrictions: - 2. The KMS key should not be the same as `aws/connect` key listed in your KMS console. + 2. The KMS key should be either: + + * A customer managed key + +OR + + * The AWS managed key for Kinesis Video Streams (aws/kinesisvideo). + +It should not be any of the AWS managed keys automatically created for other services (for example, aws/connect, aws/lambda, aws/kinesis).