AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-10-01 · Documentation low

File: AmazonS3/latest/userguide/serv-side-encryption.md

Summary

Updated DSSE-KMS encryption details to specify use of two independent AES-256 layers (KMS key + S3-managed key) and compliance references

Security assessment

The change provides more specific technical details about encryption implementation (AES-256 layers, key management) and compliance aspects, enhancing documentation of security features. However, there's no evidence this addresses an active security vulnerability or incident - it appears to be a clarification/improvement of existing security documentation.

Diff

diff --git a/AmazonS3/latest/userguide/serv-side-encryption.md b/AmazonS3/latest/userguide/serv-side-encryption.md
index c054eaff3..5081f00e8 100644
--- a//AmazonS3/latest/userguide/serv-side-encryption.md
+++ b//AmazonS3/latest/userguide/serv-side-encryption.md
@@ -39 +39 @@ Server-side encryption with AWS KMS keys (SSE-KMS) is provided through an integr
-Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) is similar to SSE-KMS, but DSSE-KMS applies two individual layers of object-level encryption instead of one layer. Because both layers of encryption are applied to an object on the server side, you can use a wide range of AWS services and tools to analyze data in S3 while using an encryption method that can satisfy your compliance requirements. For more information, see [Using dual-layer server-side encryption with AWS KMS keys (DSSE-KMS)](./UsingDSSEncryption.html).
+Dual-layer server-side encryption with AWS KMS keys (DSSE-KMS) is similar to SSE-KMS, but DSSE-KMS applies two independent layers of AES-256 encryption instead of one layer: first using a AWS KMS data encryption key, then using a separate Amazon S3-managed encryption key. Because both layers of encryption are applied to an object on the server side, you can use a wide range of AWS services and tools to analyze data in S3 while using an encryption method that can satisfy compliance requirements for multilayer encryption. For more information, see [Using dual-layer server-side encryption with AWS KMS keys (DSSE-KMS)](./UsingDSSEncryption.html).