AWS managed-flink documentation change
Summary
Added documentation about using customer managed keys (CMKs) for encryption in Amazon MSF applications, including a new section explaining CMK usage and updated application creation steps
Security assessment
The changes introduce documentation about encrypting application data using customer-managed KMS keys, which is a security feature. While this enhances security documentation, there is no evidence of addressing an existing security vulnerability.
Diff
diff --git a/managed-flink/latest/java/how-creating-apps.md b/managed-flink/latest/java/how-creating-apps.md index 23808dc26..fefaa6ff9 100644 --- a//managed-flink/latest/java/how-creating-apps.md +++ b//managed-flink/latest/java/how-creating-apps.md @@ -5 +5 @@ -Build your Managed Service for Apache Flink application codeCreate your Managed Service for Apache Flink applicationStart your Managed Service for Apache Flink applicationVerify your Managed Service for Apache Flink application +Build your Managed Service for Apache Flink application codeCreate your Managed Service for Apache Flink applicationUse customer managed keysStart your Managed Service for Apache Flink applicationVerify your Managed Service for Apache Flink application @@ -18,0 +19,2 @@ This topic contains information about creating a Managed Service for Apache Flin + * Use customer managed keys + @@ -55 +57 @@ For building applications with earlier versions of Apache Flink, see [Earlier ve -After you have built your application code, you do the following to create your Managed Service for Apache Flink application: +After you've built your application code, you do the following to create your Managed Service for Apache Flink (Amazon MSF) application: @@ -59 +61,5 @@ After you have built your application code, you do the following to create your - * **Create your Managed Service for Apache Flink application** : Use one of the following methods to create your Managed Service for Apache Flink application: + * **Create your Managed Service for Apache Flink application** : Use one of the following methods to create your Amazon MSF application: + +###### Note + +Amazon MSF encrypts your application by default using AWS owned keys. You can also create your new application using AWS KMS customer managed keys (CMKs) to create, own, and manage your keys yourself. For information about CMKs, see [Key management in Amazon Managed Service for Apache Flink](./key-management-flink.html). @@ -61 +67 @@ After you have built your application code, you do the following to create your - * **Create your Managed Service for Apache Flink application using the AWS console:** You can create and configure your application using the AWS console. + * **Create your Amazon MSF application using the AWS console:** You can create and configure your application using the AWS console. @@ -69 +75 @@ For a tutorial about how to use the console to create an application, see the [T - * **Create your Managed Service for Apache Flink application using the AWS CLI:** You can create and configure your application using the AWS CLI. + * **Create your Amazon MSF application using the AWS CLI:** You can create and configure your application using the AWS CLI. @@ -81,0 +88,6 @@ You can change the `RuntimeEnvironment` of an existing application. To learn how +## Use customer managed keys + +In Amazon MSF, customer managed keys (CMKs) is a feature using which you can encrypt your application's data with a key that you create, own, and manage on AWS Key Management Service (AWS KMS). For an Amazon MSF application, this means all data subject to a Flink [checkpoint](./how-fault.html) or [snapshot](./how-snapshots.html) are encrypted with a CMK you define for that application. + +To use CMK with your application, you must first create your new application, and then apply a CMK. For more information about using CMKs, see [Key management in Amazon Managed Service for Apache Flink](./key-management-flink.html). +