AWS Security ChangesHomeSearch

AWS kms documentation change

Service: kms · 2025-11-01 · Documentation low

File: kms/latest/developerguide/keystore-external.md

Summary

Clarified VPC endpoint service connectivity options to include cross-account usage

Security assessment

The change expands documentation about connectivity options but does not introduce new security controls or address specific vulnerabilities. It's a feature clarification rather than a security update.

Diff

diff --git a/kms/latest/developerguide/keystore-external.md b/kms/latest/developerguide/keystore-external.md
index a69ae6d8c..213d3c263 100644
--- a//kms/latest/developerguide/keystore-external.md
+++ b//kms/latest/developerguide/keystore-external.md
@@ -184 +184 @@ You specify your proxy connectivity option when you create your external key sto
-AWS KMS supports the following connectivity options:
+AWS KMS supports the following connectivity options.
@@ -188 +188 @@ AWS KMS supports the following connectivity options:
-  * [VPC endpoint service connectivity](./choose-xks-connectivity.html#xks-vpc-connectivity) — AWS KMS sends requests to a Amazon Virtual Private Cloud (Amazon VPC) endpoint service that you create and maintain. You can host your external key store proxy inside your Amazon VPC, or host your external key store proxy outside of AWS and use the Amazon VPC only for communication. 
+  * [VPC endpoint service connectivity](./choose-xks-connectivity.html#xks-vpc-connectivity) — AWS KMS sends requests to a Amazon Virtual Private Cloud (Amazon VPC) endpoint service that you create and maintain. You can host your external key store proxy inside your Amazon VPC, or host your external key store proxy outside of AWS and use the Amazon VPC only for communication. You can also connect your external key store to an Amazon VPC endpoint service owned by another AWS account.