AWS AWSCloudFormation medium security documentation change
Summary
Added KmsKeyArn property for encryption and changed update policy to Replacement
Security assessment
Introducing KMS key configuration explicitly enables encryption-at-rest, a critical security feature. The update policy change to 'Replacement' ensures encryption settings cannot be modified in-place, enforcing security controls.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-resource-opensearchserverless-collection.md b/AWSCloudFormation/latest/TemplateReference/aws-resource-opensearchserverless-collection.md index 7b0f40ee7..f00d79ca8 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-resource-opensearchserverless-collection.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-resource-opensearchserverless-collection.md @@ -103 +103 @@ _Required_ : No - _Update requires_ : [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) + _Update requires_ : [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) @@ -166,0 +167,5 @@ A unique identifier for the collection. For example, `07tjusf2h91cunochc`. +`KmsKeyArn` + + +The ARN of the AWS KMS key used to encrypt the collection. +