AWS kms documentation change
Summary
Updated documentation links and references to point to current EBS User Guide paths instead of EC2 User Guide. Corrected API reference link for GenerateDataKeyWithoutPlaintext. Minor wording changes in permissions section.
Security assessment
The changes primarily update URLs and documentation references without altering security-related content. No vulnerabilities or security improvements are mentioned. The corrections ensure accurate linking to existing security documentation but do not introduce new security features or address vulnerabilities.
Diff
diff --git a/kms/latest/developerguide/services-ebs.md b/kms/latest/developerguide/services-ebs.md index 2ff649511..c848caa3f 100644 --- a//kms/latest/developerguide/services-ebs.md +++ b//kms/latest/developerguide/services-ebs.md @@ -28 +28 @@ This topic discusses in detail how [Amazon Elastic Block Store (Amazon EBS)](htt -When you attach an encrypted Amazon EBS volume to a [supported Amazon Elastic Compute Cloud (Amazon EC2) instance type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances), data stored at rest on the volume, disk I/O, and snapshots created from the volume are all encrypted. The encryption occurs on the servers that host Amazon EC2 instances. +When you attach an encrypted Amazon EBS volume to a [supported Amazon Elastic Compute Cloud (Amazon EC2) instance type](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption-requirements.html#ebs-encryption_supported_instances), data stored at rest on the volume, disk I/O, and snapshots created from the volume are all encrypted. The encryption occurs on the servers that host Amazon EC2 instances. @@ -30 +30 @@ When you attach an encrypted Amazon EBS volume to a [supported Amazon Elastic Co -This feature is supported on all [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). You access encrypted volumes the same way you access other volumes; encryption and decryption are handled transparently and they require no additional action from you, your EC2 instance, or your application. Snapshots of encrypted volumes are automatically encrypted, and volumes that are created from encrypted snapshots are also automatically encrypted. +This feature is supported on all [Amazon EBS volume types](https://docs.aws.amazon.com/ebs-encryption-requirements.html#ebs-encryption-volume-types). You access encrypted volumes the same way you access other volumes; encryption and decryption are handled transparently and they require no additional action from you, your EC2 instance, or your application. Snapshots of encrypted volumes are automatically encrypted, and volumes that are created from encrypted snapshots are also automatically encrypted. @@ -32 +32 @@ This feature is supported on all [Amazon EBS volume types](https://docs.aws.amaz -The encryption status of an EBS volume is determined when you create the volume. You cannot change the encryption status of an existing volume. However, you can [migrate data](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_considerations) between encrypted and unencrypted volumes and apply a new encryption status while copying a snapshot. +The encryption status of an EBS volume is determined when you create the volume. You cannot change the encryption status of an existing volume. However, you can [migrate data](https://docs.aws.amazon.com/ebs/latest/userguide/how-ebs-encryption-works.html) between encrypted and unencrypted volumes and apply a new encryption status while copying a snapshot. @@ -40 +40 @@ When you [create an encrypted Amazon EBS volume](https://docs.aws.amazon.com/AWS -To use a customer managed key, you must give Amazon EBS permission to use the KMS key on your behalf. For a list of required permissions, see _Permissions for IAM users_ in the [Amazon EC2 User Guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#ebs-encryption-permissions) or [Amazon EC2 User Guide](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/EBSEncryption.html#ebs-encryption-permissions). +To use a customer managed key, you must give Amazon EBS permission to use the KMS key on your behalf. For more information , see [How Amazon EBS encryption works](https://docs.aws.amazon.com/ebs/latest/userguide/how-ebs-encryption-works.html) in _Amazon EBS User Guide_. @@ -50 +50 @@ For each volume, Amazon EBS asks AWS KMS to generate a unique data key encrypted -In its [GenerateDataKeyWithoutPlaintext](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html) and [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) requests to AWS KMS, Amazon EBS uses an encryption context with a name-value pair that identifies the volume or snapshot in the request. The name in the encryption context does not vary. +In its [GenerateDataKeyWithoutPlaintext](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyWithoutPlaintext) and [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) requests to AWS KMS, Amazon EBS uses an encryption context with a name-value pair that identifies the volume or snapshot in the request. The name in the encryption context does not vary. @@ -72 +72 @@ To create an encrypted EBS volume or attach the volume to an EC2 instance, Amazo -In this case, Amazon EBS sends an _event_ to Amazon EventBridge (formerly CloudWatch Events) to notify you about the failure. In EventBridge, you can establish rules that trigger automatic actions in response to these events. For more information, see [Amazon CloudWatch Events for Amazon EBS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-cloud-watch-events.html) in the _Amazon EC2 User Guide_ , especially the following sections: +In this case, Amazon EBS sends an _event_ to Amazon EventBridge (formerly CloudWatch Events) to notify you about the failure. In EventBridge, you can establish rules that trigger automatic actions in response to these events. For more information, see [Amazon CloudWatch Events for Amazon EBS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-cloud-watch-events.html) in the _Amazon EBS User Guide_ , especially the following sections: @@ -94 +94 @@ To fix these failures, ensure that the KMS key that you specified for EBS volume -You can use [AWS CloudFormation](https://aws.amazon.com/cloudformation/) to create encrypted Amazon EBS volumes. For more information, see [AWS::EC2::Volume](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volume.html) in the _AWS CloudFormation User Guide_. +You can use [AWS CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/) to create encrypted Amazon EBS volumes. For more information, see [AWS::EC2::Volume](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volume.html) in the _AWS CloudFormation User Guide_.