AWS ebs documentation change
Summary
Modified encryption default behavior description to reference account-level encryption defaults instead of AWS managed key
Security assessment
The change clarifies encryption key inheritance when copying snapshots, promoting use of customer-configured encryption defaults. While this relates to security best practices, there is no evidence it addresses a specific security vulnerability.
Diff
diff --git a/ebs/latest/userguide/ebs-copy-snapshot.md b/ebs/latest/userguide/ebs-copy-snapshot.md index 503efff7c..4ef9d7f58 100644 --- a//ebs/latest/userguide/ebs-copy-snapshot.md +++ b//ebs/latest/userguide/ebs-copy-snapshot.md @@ -149 +149 @@ Encryption by default for destination Region | Source snapshot | Snapshot copy e -Disabled | Unencrypted | Optional encryption | If you encrypt the copy, you can specify the KMS key to use. If you encrypt the copy but do not specify a KMS key, the AWS managed key (`aws/ebs`) is used. +Disabled | Unencrypted | Optional encryption | If you encrypt the copy, you can specify the KMS key to use. If you encrypt the copy but do not specify a KMS key, the key specified for encryption by default is used.