AWS emr documentation change
Summary
Updated S3 server-side encryption documentation to reflect default encryption for all new S3 buckets
Security assessment
Clarifies that encryption is now enabled by default (a security best practice) but does not address a specific reported issue.
Diff
diff --git a/emr/latest/ManagementGuide/emr-data-encryption-options.md b/emr/latest/ManagementGuide/emr-data-encryption-options.md index b9a65a330..09b9a9c0e 100644 --- a//emr/latest/ManagementGuide/emr-data-encryption-options.md +++ b//emr/latest/ManagementGuide/emr-data-encryption-options.md @@ -44 +44 @@ When you use AWS KMS, charges apply for the storage and use of encryption keys. -When you set up Amazon S3 server-side encryption, Amazon S3 encrypts data at the object level as it writes the data to disk and decrypts the data when it is accessed. For more information about SSE, see [Protecting data using server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html) in the _Amazon Simple Storage Service User Guide_. +All Amazon S3 buckets have encryption configured by default, and all new objects that are uploaded to an S3 bucket are automatically encrypted at rest, Amazon S3 encrypts data at the object level as it writes the data to disk and decrypts the data when it is accessed. For more information about SSE, see [Protecting data using server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html) in the _Amazon Simple Storage Service User Guide_.