AWS Security ChangesHomeSearch

AWS autoscaling documentation change

Service: autoscaling · 2025-11-22 · Documentation low

File: autoscaling/ec2/userguide/key-policy-requirements-EBS-encryption.md

Summary

Updated terminology from 'Auto Scaling' to 'Amazon EC2 Auto Scaling' for consistency and clarified cross-account key policy requirements

Security assessment

The changes are terminology updates and clarifications about cross-account permissions for encryption keys. While encryption key policies are security-related, there's no indication these changes address a specific vulnerability or weakness. The modifications improve documentation accuracy but don't introduce new security controls or address disclosed issues.

Diff

diff --git a/autoscaling/ec2/userguide/key-policy-requirements-EBS-encryption.md b/autoscaling/ec2/userguide/key-policy-requirements-EBS-encryption.md
index 53ce5ae37..c19cee30c 100644
--- a//autoscaling/ec2/userguide/key-policy-requirements-EBS-encryption.md
+++ b//autoscaling/ec2/userguide/key-policy-requirements-EBS-encryption.md
@@ -11 +11 @@ Amazon EC2 Auto Scaling uses [service-linked roles](./autoscaling-service-linked
-This topic describes how to set up the key policy that you need to launch Auto Scaling instances when you specify a customer managed key for Amazon EBS encryption. 
+This topic describes how to set up the key policy that you need to launch Amazon EC2 Auto Scaling instances when you specify a customer managed key for Amazon EBS encryption. 
@@ -126 +126 @@ Add the following two policy statements to the key policy of the customer manage
-If you create a customer managed key in a different account than the Auto Scaling group, you must use a grant in combination with the key policy to allow cross-account access to the key. 
+If you create a customer managed key in a different account than the Amazon EC2 Auto Scaling group, you must use a grant in combination with the key policy to allow cross-account access to the key. 
@@ -130 +130 @@ There are two steps that must be completed in the following order:
-  1. First, add the following two policy statements to the customer managed key's key policy. Replace the example ARN with the ARN of the other account, making sure to replace `111122223333` with the actual account ID of the AWS account that you want to create the Auto Scaling group in. This allows you to give an IAM user or role in the specified account permission to create a grant for the key using the CLI command that follows. However, this does not by itself give any users access to the key.
+  1. First, add the following two policy statements to the customer managed key's key policy. Replace the example ARN with the ARN of the other account, making sure to replace `111122223333` with the actual account ID of the AWS account that you want to create the Amazon EC2 Auto Scaling group in. This allows you to give an IAM user or role in the specified account permission to create a grant for the key using the CLI command that follows. However, this does not by itself give any users access to the key.
@@ -164 +164 @@ There are two steps that must be completed in the following order:
-  2. Then, from the account that you want to create the Auto Scaling group in, create a grant that delegates the relevant permissions to the appropriate service-linked role. The `Grantee Principal` element of the grant is the ARN of the appropriate service-linked role. The `key-id` is the ARN of the key.
+  2. Then, from the account that you want to create the Amazon EC2 Auto Scaling group in, create a grant that delegates the relevant permissions to the appropriate service-linked role. The `Grantee Principal` element of the grant is the ARN of the appropriate service-linked role. The `key-id` is the ARN of the key.