AWS kms documentation change
Summary
Removed 'Single-Region' qualifier from symmetric encryption keys with EXTERNAL origin, indicating broader support for on-demand rotations and multiple key materials
Security assessment
Change generalizes key type support without indicating any security vulnerability or weakness. No security implications identified; appears to be a documentation clarification about key management capabilities.
Diff
diff --git a/kms/latest/developerguide/identify-key-types.md b/kms/latest/developerguide/identify-key-types.md index cf8cea6e4..f68559cc8 100644 --- a//kms/latest/developerguide/identify-key-types.md +++ b//kms/latest/developerguide/identify-key-types.md @@ -104 +104 @@ To make it easier to identify KMS keys with imported key material in the **Custo -The **Cryptographic configuration** tab on the details page for a KMS key displays the **Origin** , which identifies the source of the key material for the KMS key. For KMS keys with imported key material, the origin value is always **External (Import Key material)**. The details page also includes a **Key material** tab that provides detailed information about the imported key material. Single-Region, symmetric encryption keys with `EXTERNAL` origin support on-demand rotations and can have multiple key materials associated with them. For such keys, the tab is labeled **Key material and rotations**. +The **Cryptographic configuration** tab on the details page for a KMS key displays the **Origin** , which identifies the source of the key material for the KMS key. For KMS keys with imported key material, the origin value is always **External (Import Key material)**. The details page also includes a **Key material** tab that provides detailed information about the imported key material. Symmetric encryption keys with `EXTERNAL` origin support on-demand rotations and can have multiple key materials associated with them. For such keys, the tab is labeled **Key material and rotations**.