AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-11-22 · Documentation medium

File: AmazonS3/latest/userguide/UsingEncryption.md

Summary

Added mention of hybrid post-quantum key exchange for data in transit and updated links. Also added a new section on protecting data in transit.

Security assessment

The inclusion of hybrid post-quantum key exchange highlights enhanced encryption standards, which is a security feature. However, this documents existing or new capabilities rather than addressing a specific security issue.

Diff

diff --git a/AmazonS3/latest/userguide/UsingEncryption.md b/AmazonS3/latest/userguide/UsingEncryption.md
index 83d106d30..be1d17007 100644
--- a//AmazonS3/latest/userguide/UsingEncryption.md
+++ b//AmazonS3/latest/userguide/UsingEncryption.md
@@ -11 +11 @@ Amazon S3 now applies server-side encryption with Amazon S3 managed keys (SSE-S3
-Data protection refers to protecting data while it's in transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using Secure Socket Layer/Transport Layer Security (SSL/TLS) or client-side encryption. For protecting data at rest in Amazon S3, you have the following options:
+Data protection refers to protecting data while it's in transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using Secure Socket Layer/Transport Layer Security (SSL/TLS) including hybrid post-quantum key exchange or client-side encryption. For protecting data at rest in Amazon S3, you have the following options:
@@ -33 +33 @@ To configure server-side encryption, see:
-    * [Specifying server-side encryption with customer-provided keys (SSE-C)](./ServerSideEncryptionCustomerKeys.html#specifying-s3-c-encryption)
+    * [Specifying server-side encryption with customer-provided keys (SSE-C)](./specifying-s3-c-encryption.html)
@@ -44 +44 @@ To see which percentage of your storage bytes are encrypted, you can use Amazon
-For more information about server-side encryption and client-side encryption, review the following topics.
+For more information about server-side encryption, client-side encryption, and encryption in transit, review the following topics.
@@ -51,0 +52,2 @@ For more information about server-side encryption and client-side encryption, re
+  * [Protecting data in transit with encryption](./UsingEncryptionInTransit.html)
+