AWS mwaa documentation change
Summary
Changed 'see' to 'refer to' in documentation links for KMS key creation and CloudWatch encryption
Security assessment
The changes are minor textual improvements without altering security content. No new security guidance or vulnerability mitigation is introduced.
Diff
diff --git a/mwaa/latest/userguide/custom-keys-certs.md b/mwaa/latest/userguide/custom-keys-certs.md index ec95e106f..83a06d121 100644 --- a//mwaa/latest/userguide/custom-keys-certs.md +++ b//mwaa/latest/userguide/custom-keys-certs.md @@ -9 +9 @@ What's supportedUsing Grants for EncryptionGrant policiesAttach key policy -You can optionally provide a [Customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for data encryption on your environment. You must create the customer managed KMS key in the same Region as your Amazon MWAA environment instance and your Amazon S3 bucket where you store resources for your workflows. If the customer managed KMS key that you specify is in a different account from the one you use to configure an environment, you must specify the key using its ARN for cross-account access. For more information about creating keys, see [Creating Keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the _AWS Key Management Service Developer Guide_. +You can optionally provide a [Customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for data encryption on your environment. You must create the customer managed KMS key in the same Region as your Amazon MWAA environment instance and your Amazon S3 bucket where you store resources for your workflows. If the customer managed KMS key that you specify is in a different account from the one you use to configure an environment, you must specify the key using its ARN for cross-account access. For more information about creating keys, refer to [Creating Keys](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) in the _AWS Key Management Service Developer Guide_. @@ -115 +115 @@ If you choose to use your own customer managed KMS key with Amazon MWAA, you mus -If the customer managed KMS key you used for your Amazon MWAA environment is not already configured to work with CloudWatch, you must update the [key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) to allow for encrypted CloudWatch Logs. For more information, see the [Encrypt log data in CloudWatch using AWS Key Management Service service](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html). +If the customer managed KMS key you used for your Amazon MWAA environment is not already configured to work with CloudWatch, you must update the [key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) to allow for encrypted CloudWatch Logs. For more information, refer to the [Encrypt log data in CloudWatch using AWS Key Management Service service](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html).