AWS Security ChangesHomeSearch

AWS ebs documentation change

Service: ebs · 2025-06-22 · Documentation low

File: ebs/latest/userguide/ebs-copy-snapshot.md

Summary

Modified encryption default behavior description to reference account-level encryption defaults instead of AWS managed key

Security assessment

The change clarifies encryption key inheritance when copying snapshots, promoting use of customer-configured encryption defaults. While this relates to security best practices, there is no evidence it addresses a specific security vulnerability.

Diff

diff --git a/ebs/latest/userguide/ebs-copy-snapshot.md b/ebs/latest/userguide/ebs-copy-snapshot.md
index 503efff7c..4ef9d7f58 100644
--- a//ebs/latest/userguide/ebs-copy-snapshot.md
+++ b//ebs/latest/userguide/ebs-copy-snapshot.md
@@ -149 +149 @@ Encryption by default for destination Region | Source snapshot | Snapshot copy e
-Disabled | Unencrypted | Optional encryption | If you encrypt the copy, you can specify the KMS key to use. If you encrypt the copy but do not specify a KMS key, the AWS managed key (`aws/ebs`) is used.  
+Disabled | Unencrypted | Optional encryption | If you encrypt the copy, you can specify the KMS key to use. If you encrypt the copy but do not specify a KMS key, the key specified for encryption by default is used.