AWS kms documentation change
Summary
Clarified VPC endpoint service connectivity options to include cross-account usage
Security assessment
The change expands documentation about connectivity options but does not introduce new security controls or address specific vulnerabilities. It's a feature clarification rather than a security update.
Diff
diff --git a/kms/latest/developerguide/keystore-external.md b/kms/latest/developerguide/keystore-external.md index a69ae6d8c..213d3c263 100644 --- a//kms/latest/developerguide/keystore-external.md +++ b//kms/latest/developerguide/keystore-external.md @@ -184 +184 @@ You specify your proxy connectivity option when you create your external key sto -AWS KMS supports the following connectivity options: +AWS KMS supports the following connectivity options. @@ -188 +188 @@ AWS KMS supports the following connectivity options: - * [VPC endpoint service connectivity](./choose-xks-connectivity.html#xks-vpc-connectivity) — AWS KMS sends requests to a Amazon Virtual Private Cloud (Amazon VPC) endpoint service that you create and maintain. You can host your external key store proxy inside your Amazon VPC, or host your external key store proxy outside of AWS and use the Amazon VPC only for communication. + * [VPC endpoint service connectivity](./choose-xks-connectivity.html#xks-vpc-connectivity) — AWS KMS sends requests to a Amazon Virtual Private Cloud (Amazon VPC) endpoint service that you create and maintain. You can host your external key store proxy inside your Amazon VPC, or host your external key store proxy outside of AWS and use the Amazon VPC only for communication. You can also connect your external key store to an Amazon VPC endpoint service owned by another AWS account.