AWS AmazonRDS low security documentation change
Summary
Updated limitations section to clarify SSE-KMS support through S3 bucket default encryption when using @enable_bucket_default_encryption=1
Security assessment
Explicitly documents support for SSE-KMS encryption when using bucket default encryption configuration, clarifying encryption options for backups. This helps users properly configure encryption for regulatory compliance.
Diff
diff --git a/AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.md b/AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.md index 3eb675404..8b678a024 100644 --- a//AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.md +++ b//AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.md @@ -179 +179,5 @@ The following are some limitations to using native backup and restore: - * Amazon S3 server-side encryption with AWS KMS (SSE-KMS) is currently not supported. When you provide a KMS key to a stored procedure, any native backup and restores are encrypted and decrypted on the client-side with the KMS key. AWS stores the backups in the S3 bucket with SSE-S3. + * Amazon S3 server-side encryption with AWS KMS (SSE-KMS) is supported through your S3 bucket's default encryption configuration when you pass `@enable_bucket_default_encryption=1` to the backup stored procedure. By default, the restore supports the S3 object's server-side encryption. + +When you provide a KMS key to a stored procedure, any native backup and restores are encrypted and decrypted on the client-side with the KMS key. AWS stores the backups in the S3 bucket with SSE-S3 when `@enable_bucket_default_encryption=0` or with your S3 bucket's configured default encryption key when `@enable_bucket_default_encryption=1`. + + * When using S3 Access Points, the access point cannot be configured to use an RDS internal VPC.