AWS aws-backup documentation change
Summary
Corrected KMS key example from 'aws/ec2' to 'aws/ebs' for EC2 backup copy jobs
Security assessment
Fixes documentation error to prevent operational failures but does not address security vulnerabilities.
Diff
diff --git a/aws-backup/latest/devguide/encryption.md b/aws-backup/latest/devguide/encryption.md index bd4bbed12..d155e30b3 100644 --- a//aws-backup/latest/devguide/encryption.md +++ b//aws-backup/latest/devguide/encryption.md @@ -54 +54 @@ Before you copy a backup from one account to another (cross-account copy job) or -For a copy of a recovery point of a resource that is **not fully managed** by AWS Backup, the key associated to the destination vault must be a CMK or the managed key of the service that owns the underlying resource. For example, if you are copying an EC2 instance, a Backup managed key cannot be used. Instead, a CMK or Amazon EC2 KMS key (`aws/ec2`) must be used to avoid copy job failure. +For a copy of a recovery point of a resource that is **not fully managed** by AWS Backup, the key associated to the destination vault must be a CMK or the managed key of the service that owns the underlying resource. For example, if you are copying an EC2 instance, a Backup managed key cannot be used. Instead, a CMK or Amazon EBS KMS key (`aws/ebs`) must be used to avoid copy job failure.