AWS cli documentation change
Summary
Added encryption-settings parameter documentation for customer-managed KMS keys and updated CLI version
Security assessment
Introduces documentation for encryption configuration options using customer-managed KMS keys. While this adds security-related documentation about data encryption capabilities, there is no indication it addresses a specific security vulnerability.
Diff
diff --git a/cli/latest/reference/verifiedpermissions/create-policy-store.md b/cli/latest/reference/verifiedpermissions/create-policy-store.md index 37195b2d9..e9da3c89c 100644 --- a//cli/latest/reference/verifiedpermissions/create-policy-store.md +++ b//cli/latest/reference/verifiedpermissions/create-policy-store.md @@ -15 +15 @@ - * [AWS CLI 2.33.2 Command Reference](../../index.html) » + * [AWS CLI 2.33.4 Command Reference](../../index.html) » @@ -79,0 +80 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/verifi + [--encryption-settings <value>] @@ -192,0 +194,78 @@ JSON Syntax: +`--encryption-settings` (tagged union structure) + +> Specifies the encryption settings used to encrypt the policy store and their child resources. Allows for the ability to use a customer owned KMS key for encryption of data. +> +> This is an optional field to be used when providing a customer-managed KMS key for encryption. +> +> ### Note +> +> This is a Tagged Union structure. Only one of the following top level keys can be set: `kmsEncryptionSettings`, `default`. +> +> kmsEncryptionSettings -> (structure) +> +>> The KMS encryption settings for this policy store to encrypt data with. It will contain the customer-managed KMS key, and a user-defined encryption context. +>> +>> key -> (string) [required] +>> +>>> The customer-managed KMS key [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) , alias or ID to be used for encryption processes. +>>> +>>> Users can provide the full KMS key ARN, a KMS key alias, or a KMS key ID, but it will be mapped to the full KMS key ARN after policy store creation, and referenced when encrypting child resources. +>>> +>>> Constraints: +>>> +>>> * pattern: `[a-zA-Z0-9:/_-]+` +>>> + +>> +>> encryptionContext -> (map) +>> +>>> User-defined, additional context to be added to encryption processes. +>>> +>>> Constraints: +>>> +>>> * min: `0` +>>> * max: `8192` +>>> + +>>> +>>> key -> (string) +>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> + +>>> +>>> value -> (string) +>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> + +> +> default -> (structure) +> +>> Use AWS owned encryption keys for encrypting policy store data. + +Shorthand Syntax: + + + kmsEncryptionSettings={key=string,encryptionContext={KeyName1=string,KeyName2=string}},default={} + + +JSON Syntax: + + + { + "kmsEncryptionSettings": { + "key": "string", + "encryptionContext": {"string": "string" + ...} + }, + "default": { + + } + } + + @@ -406 +485 @@ lastUpdatedDate -> (timestamp) - * [AWS CLI 2.33.2 Command Reference](../../index.html) » + * [AWS CLI 2.33.4 Command Reference](../../index.html) »