AWS Security ChangesHomeSearch

AWS AmazonS3 documentation change

Service: AmazonS3 · 2025-11-22 · Documentation low

File: AmazonS3/latest/userguide/UsingKMSEncryption.md

Summary

Updated documentation links to AWS KMS Developer Guide by adding double slashes in URLs for consistency.

Security assessment

The changes are purely formatting adjustments to hyperlinks and do not introduce, modify, or clarify security-related content. No evidence of addressing vulnerabilities or security controls.

Diff

diff --git a/AmazonS3/latest/userguide/UsingKMSEncryption.md b/AmazonS3/latest/userguide/UsingKMSEncryption.md
index 7c9be70bf..600a9dfcf 100644
--- a//AmazonS3/latest/userguide/UsingKMSEncryption.md
+++ b//AmazonS3/latest/userguide/UsingKMSEncryption.md
@@ -67 +67 @@ Carefully review the permissions that are granted in your KMS key policies. Alwa
-When you use server-side encryption with AWS KMS (SSE-KMS), you can use the default [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk), or you can specify a [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) that you have already created. AWS KMS supports _envelope encryption_. S3 uses the AWS KMS features for _envelope encryption_ to further protect your data. Envelope encryption is the practice of encrypting your plain text data with a data key, and then encrypting that data key with a KMS key. For more information about envelope encryption, see [Envelope encryption](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#enveloping) in the _AWS Key Management Service Developer Guide_.
+When you use server-side encryption with AWS KMS (SSE-KMS), you can use the default [AWS managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk), or you can specify a [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) that you have already created. AWS KMS supports _envelope encryption_. S3 uses the AWS KMS features for _envelope encryption_ to further protect your data. Envelope encryption is the practice of encrypting your plain text data with a data key, and then encrypting that data key with a KMS key. For more information about envelope encryption, see [Envelope encryption](https://docs.aws.amazon.com//kms/latest/developerguide/concepts.html#enveloping) in the _AWS Key Management Service Developer Guide_.
@@ -75 +75 @@ Objects encrypted using SSE-KMS with [AWS managed keys](https://docs.aws.amazon.
-If you want to use a customer managed key for SSE-KMS, create a symmetric encryption customer managed key before you configure SSE-KMS. Then, when you configure SSE-KMS for your bucket, specify the existing customer managed key. For more information about symmetric encryption key, see [Symmetric encryption KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks) in the _AWS Key Management Service Developer Guide_.
+If you want to use a customer managed key for SSE-KMS, create a symmetric encryption customer managed key before you configure SSE-KMS. Then, when you configure SSE-KMS for your bucket, specify the existing customer managed key. For more information about symmetric encryption key, see [Symmetric encryption KMS keys](https://docs.aws.amazon.com//kms/latest/developerguide/concepts.html#symmetric-cmks) in the _AWS Key Management Service Developer Guide_.
@@ -77 +77 @@ If you want to use a customer managed key for SSE-KMS, create a symmetric encryp
-Creating a customer managed key gives you more flexibility and control. For example, you can create, rotate, and disable customer managed keys. You can also define access controls and audit the customer managed key that you use to protect your data. For more information about customer managed and AWS managed keys, see [Customer keys and AWS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt) in the _AWS Key Management Service Developer Guide_.
+Creating a customer managed key gives you more flexibility and control. For example, you can create, rotate, and disable customer managed keys. You can also define access controls and audit the customer managed key that you use to protect your data. For more information about customer managed and AWS managed keys, see [Customer keys and AWS keys](https://docs.aws.amazon.com//kms/latest/developerguide/concepts.html#key-mgmt) in the _AWS Key Management Service Developer Guide_.
@@ -81 +81 @@ Creating a customer managed key gives you more flexibility and control. For exam
-When you use server-side encryption with a customer managed key that's stored in an external key store, unlike standard KMS keys, you are responsible for ensuring the availability and durability of your key material. For more information about external key stores and how they shift the shared responsibility model, see [External key stores](https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html) in the _AWS Key Management Service Developer Guide_.
+When you use server-side encryption with a customer managed key that's stored in an external key store, unlike standard KMS keys, you are responsible for ensuring the availability and durability of your key material. For more information about external key stores and how they shift the shared responsibility model, see [External key stores](https://docs.aws.amazon.com//kms/latest/developerguide/keystore-external.html) in the _AWS Key Management Service Developer Guide_.
@@ -106 +106 @@ If you choose to encrypt your data using an AWS managed key or a customer manage
-  1. Amazon S3 requests a plaintext [ data key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) and a copy of the key encrypted under the specified KMS key.
+  1. Amazon S3 requests a plaintext [ data key](https://docs.aws.amazon.com//kms/latest/developerguide/concepts.html#data-keys) and a copy of the key encrypted under the specified KMS key.
@@ -130 +130 @@ When you request that your data be decrypted, Amazon S3 and AWS KMS perform the
-When you use an AWS KMS key for server-side encryption in Amazon S3, you must choose a symmetric encryption KMS key. Amazon S3 supports only symmetric encryption KMS keys. For more information about these keys, see [Symmetric encryption KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks) in the _AWS Key Management Service Developer Guide_.
+When you use an AWS KMS key for server-side encryption in Amazon S3, you must choose a symmetric encryption KMS key. Amazon S3 supports only symmetric encryption KMS keys. For more information about these keys, see [Symmetric encryption KMS keys](https://docs.aws.amazon.com//kms/latest/developerguide/concepts.html#symmetric-cmks) in the _AWS Key Management Service Developer Guide_.