AWS Security ChangesHomeSearch

AWS Route53 documentation change

Service: Route53 · 2025-10-19 · Documentation medium

File: Route53/latest/DeveloperGuide/resolver-query-logs-choosing-target-resource.md

Summary

Added requirement to update KMS key policies for SSE-KMS encryption

Security assessment

Documents security best practice for proper encryption configuration, preventing potential misconfigurations that could lead to data exposure

Diff

diff --git a/Route53/latest/DeveloperGuide/resolver-query-logs-choosing-target-resource.md b/Route53/latest/DeveloperGuide/resolver-query-logs-choosing-target-resource.md
index 9274ef9f6..17ebaaece 100644
--- a//Route53/latest/DeveloperGuide/resolver-query-logs-choosing-target-resource.md
+++ b//Route53/latest/DeveloperGuide/resolver-query-logs-choosing-target-resource.md
@@ -26,0 +27,2 @@ All S3 server-side encryption options are supported. For more information, see [
+If you choose Server-Side Encryption with AWS KMS Keys (SSE-KMS), you must update the key policy for your customer managed key so that the log delivery account can write to your Amazon S3 bucket. For more information about the required key policy for use with SSE-KMS, see [Amazon S3 bucket server-side encryption](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-infrastructure-V2-S3.html#AWS-logs-SSE-KMS-S3-V2) in the _Amazon CloudWatch User Guide_.
+