AWS mwaa documentation change
Summary
Updated wording regarding KMS key grants and data in transit interception risk
Security assessment
Changed 'might' to 'can' in both sections to clarify behavior, but this is a documentation clarification rather than addressing a specific security vulnerability. The change emphasizes accurate technical descriptions of encryption grant management and data interception risks without introducing new security controls.
Diff
diff --git a/mwaa/latest/userguide/encryption.md b/mwaa/latest/userguide/encryption.md index b7cb88e4d..37c183b3c 100644 --- a//mwaa/latest/userguide/encryption.md +++ b//mwaa/latest/userguide/encryption.md @@ -44 +44 @@ You specify the encryption artifacts used for at rest encryption by specifying a -**Aurora PostgreSQL** – Amazon MWAA creates one PostgreSQL cluster for your environment. Aurora PostgreSQL encrypts the content with either an AWS owned or customer-managed KMS key using SSE. If you are using a customer-managed KMS key, Amazon RDS adds at least two grants to the key: one for the cluster and one for the database instance. Amazon RDS might create additional grants if you choose to use your customer-managed KMS key on multiple environments. For more information, refer to [Data protection in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/DataDurability.html). +**Aurora PostgreSQL** – Amazon MWAA creates one PostgreSQL cluster for your environment. Aurora PostgreSQL encrypts the content with either an AWS owned or customer-managed KMS key using SSE. If you are using a customer-managed KMS key, Amazon RDS adds at least two grants to the key: one for the cluster and one for the database instance. Amazon RDS can create additional grants if you choose to use your customer-managed KMS key on multiple environments. For more information, refer to [Data protection in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/DataDurability.html). @@ -48 +48 @@ You specify the encryption artifacts used for at rest encryption by specifying a -Data in transit is referred to as data that might be intercepted as it travels the network. +Data in transit is referred to as data that can be intercepted as it travels the network.