AWS emr documentation change
Summary
Updated S3 encryption documentation to reflect default bucket encryption
Security assessment
Clarifies that S3 buckets now have encryption enabled by default, promoting security best practices. No evidence this addresses an active vulnerability.
Diff
diff --git a/emr/latest/ReleaseGuide/emr-emrfs-encryption.md b/emr/latest/ReleaseGuide/emr-emrfs-encryption.md index 768f71e89..f1ad30726 100644 --- a//emr/latest/ReleaseGuide/emr-emrfs-encryption.md +++ b//emr/latest/ReleaseGuide/emr-emrfs-encryption.md @@ -75 +75 @@ The procedure below describes how to add the default Amazon EMR instance profile -When you set up Amazon S3 server-side encryption, Amazon S3 encrypts data at the object level as it writes the data to disk and decrypts the data when it is accessed. For more information about SSE, see [Protecting data using server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html) in the _Amazon Simple Storage Service User Guide_. +All Amazon S3 buckets have encryption configured by default, and all new objects that are uploaded to an S3 bucket are automatically encrypted at rest, Amazon S3 encrypts data at the object level as it writes the data to disk and decrypts the data when it is accessed. For more information about SSE, see [Protecting data using server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html) in the _Amazon Simple Storage Service User Guide_.