AWS Security ChangesHomeSearch

AWS keyspaces documentation change

Service: keyspaces · 2025-10-28 · Documentation low

File: keyspaces/latest/devguide/using_perl_driver.md

Summary

Added note about Amazon Trust Services certificate migration and updated CA trust requirements

Security assessment

The change informs users about ongoing certificate migration to Amazon Trust Services CAs but does not directly address a specific security vulnerability. While it updates security-related documentation about certificate trust, the Perl driver's lack of server certificate validation (mentioned in both versions) remains an inherent security limitation not resolved by this change.

Diff

diff --git a/keyspaces/latest/devguide/using_perl_driver.md b/keyspaces/latest/devguide/using_perl_driver.md
index af8e0bbce..05642eddb 100644
--- a//keyspaces/latest/devguide/using_perl_driver.md
+++ b//keyspaces/latest/devguide/using_perl_driver.md
@@ -11 +11 @@ This section shows you how to connect to Amazon Keyspaces by using a Perl client
-To create a secure connection, our code samples use the Starfield digital certificate to authenticate the server before establishing the TLS connection. The Perl driver doesn't validate the server's Amazon SSL certificate, which means that you can't confirm that you are connecting to Amazon Keyspaces. The second step, to configure the driver to use TLS when connecting to Amazon Keyspaces is still required, and ensures that data transferred between the client and server is encrypted. 
+Amazon Keyspacescertificates are transitioning to the Amazon Trust Services (ATS) hierarchy. Ensure your environment trusts the Amazon Root CAs 1–4 to avoid connection errors during this rotation. The Perl driver doesn't validate the server's Amazon SSL certificate, which means that you can't confirm that you are connecting to Amazon Keyspaces. The second step, to configure the driver to use TLS when connecting to Amazon Keyspaces is still required, and ensures that data transferred between the client and server is encrypted.