AWS AmazonS3 documentation change
Summary
Updated DSSE-KMS encryption details to specify use of two independent AES-256 layers (KMS key + S3-managed key) and compliance references
Security assessment
The change provides more specific technical details about encryption implementation (AES-256 layers, key management) and compliance aspects, enhancing documentation of security features. However, there's no evidence this addresses an active security vulnerability or incident - it appears to be a clarification/improvement of existing security documentation.
Diff
diff --git a/AmazonS3/latest/userguide/serv-side-encryption.md b/AmazonS3/latest/userguide/serv-side-encryption.md index c054eaff3..5081f00e8 100644 --- a//AmazonS3/latest/userguide/serv-side-encryption.md +++ b//AmazonS3/latest/userguide/serv-side-encryption.md @@ -39 +39 @@ Server-side encryption with AWS KMS keys (SSE-KMS) is provided through an integr -Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) is similar to SSE-KMS, but DSSE-KMS applies two individual layers of object-level encryption instead of one layer. Because both layers of encryption are applied to an object on the server side, you can use a wide range of AWS services and tools to analyze data in S3 while using an encryption method that can satisfy your compliance requirements. For more information, see [Using dual-layer server-side encryption with AWS KMS keys (DSSE-KMS)](./UsingDSSEncryption.html). +Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) is similar to SSE-KMS, but DSSE-KMS applies two independent layers of AES-256 encryption instead of one layer: first using a AWS KMS data encryption key, then using a separate Amazon S3-managed encryption key. Because both layers of encryption are applied to an object on the server side, you can use a wide range of AWS services and tools to analyze data in S3 while using an encryption method that can satisfy compliance requirements for multilayer encryption. For more information, see [Using dual-layer server-side encryption with AWS KMS keys (DSSE-KMS)](./UsingDSSEncryption.html).