AWS quicksight documentation change
Summary
Updated encryption removal process from SPICE-specific to general QuickSight data, clarified encryption persistence after key removal
Security assessment
Improves documentation clarity about encryption state management but doesn't fix a security flaw. Strengthens security documentation by explaining persistent encryption of existing data after key removal.
Diff
diff --git a/quicksight/latest/user/customer-managed-keys-remove-cmks.md b/quicksight/latest/user/customer-managed-keys-remove-cmks.md index 06b9d1350..e23e9cd14 100644 --- a//quicksight/latest/user/customer-managed-keys-remove-cmks.md +++ b//quicksight/latest/user/customer-managed-keys-remove-cmks.md @@ -7 +7 @@ -You can remove the default key to disable SPICE dataset encryption in your QuickSight account. Removing the key prevents new resources from encrypting on a CMK. +You can remove the default key to disable data encryption in your QuickSight account. Removing the key prevents new resources from encrypting on a CMK. @@ -9 +9 @@ You can remove the default key to disable SPICE dataset encryption in your Quick -###### To remove CMK encryption for new SPICE datasets +###### To remove CMK encryption for new QuickSight data @@ -22 +22,3 @@ You can remove the default key to disable SPICE dataset encryption in your Quick -After you delete the default key from your account, QuickSight stops encrypting new SPICE datasets. Any existing encrypted datasets stay encrypted until a full refresh occurs. +After you delete the default key from your account, QuickSight stops encrypting new QuickSight data. Any existing data will remain encrypted. + +To learn more about which data can be managed with the key, see [Encrypting your QuickSight data with AWS Key Management Service customer-managed keys](./customer-managed-keys.html).