AWS Security ChangesHomeSearch

AWS quicksight documentation change

Service: quicksight · 2025-08-10 · Documentation low

File: quicksight/latest/user/customer-managed-keys-remove-cmks.md

Summary

Updated encryption removal process from SPICE-specific to general QuickSight data, clarified encryption persistence after key removal

Security assessment

Improves documentation clarity about encryption state management but doesn't fix a security flaw. Strengthens security documentation by explaining persistent encryption of existing data after key removal.

Diff

diff --git a/quicksight/latest/user/customer-managed-keys-remove-cmks.md b/quicksight/latest/user/customer-managed-keys-remove-cmks.md
index 06b9d1350..e23e9cd14 100644
--- a//quicksight/latest/user/customer-managed-keys-remove-cmks.md
+++ b//quicksight/latest/user/customer-managed-keys-remove-cmks.md
@@ -7 +7 @@
-You can remove the default key to disable SPICE dataset encryption in your QuickSight account. Removing the key prevents new resources from encrypting on a CMK. 
+You can remove the default key to disable data encryption in your QuickSight account. Removing the key prevents new resources from encrypting on a CMK. 
@@ -9 +9 @@ You can remove the default key to disable SPICE dataset encryption in your Quick
-###### To remove CMK encryption for new SPICE datasets
+###### To remove CMK encryption for new QuickSight data
@@ -22 +22,3 @@ You can remove the default key to disable SPICE dataset encryption in your Quick
-After you delete the default key from your account, QuickSight stops encrypting new SPICE datasets. Any existing encrypted datasets stay encrypted until a full refresh occurs. 
+After you delete the default key from your account, QuickSight stops encrypting new QuickSight data. Any existing data will remain encrypted. 
+
+To learn more about which data can be managed with the key, see [Encrypting your QuickSight data with AWS Key Management Service customer-managed keys](./customer-managed-keys.html).