AWS quicksight documentation change
Summary
Expanded encryption scope from SPICE datasets to general QuickSight data, updated default key selection language, removed dataset-specific refresh instructions
Security assessment
Change broadens documentation about encryption coverage but doesn't address a specific vulnerability. Enhances security documentation by clarifying encryption applies to all QuickSight data rather than just SPICE datasets.
Diff
diff --git a/quicksight/latest/user/customer-managed-keys-create-key.md b/quicksight/latest/user/customer-managed-keys-create-key.md index 07c513fa4..3f5fbe977 100644 --- a//quicksight/latest/user/customer-managed-keys-create-key.md +++ b//quicksight/latest/user/customer-managed-keys-create-key.md @@ -9 +9 @@ Before you begin, make sure that you have an IAM role that grants the admin user -You can add keys that already exist in AWS KMS to your QuickSight account, so that you can encrypt your SPICE datasets. Keys that you add only affect new datasets created in SPICE. If you have an existing SPICE dataset that you want to encrypt, perform a full refresh on the dataset to encrypt it with the default CMK. +You can add keys that already exist in AWS KMS to your QuickSight account, so that you can encrypt your QuickSight data. @@ -33 +33 @@ If your key isn't in the list, you can manually enter the key's ARN. - 5. (Optional) Select the **Use as default encryption key for all new SPICE datasets in this QuickSight account** to set the selected key as your default key. A blue badge appears next to the default key to indicate its status. + 5. (Optional) Select the **Use as default encryption key for new data in the current region of this QuickSight account** to set the selected key as your default key. A blue badge appears next to the default key to indicate its status. @@ -35 +35 @@ If your key isn't in the list, you can manually enter the key's ARN. -When you choose a default key, all new SPICE datasets that are created in the Region that hosts your QuickSight account are encrypted with the default key. +When you choose a default key, all new QuickSight data that is created in the Region that hosts your QuickSight account is encrypted with the default key. @@ -44,4 +43,0 @@ When you choose a default key, all new SPICE datasets that are created in the Re -###### Note - -To use a specific key for a existing dataset, switch the account default key to the new key, then run a full refresh on the SPICE dataset. - @@ -54 +50 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Encrypting SPICE datasets with AWS KMS customer-managed keys +Encrypting data with AWS KMS customer-managed keys