AWS singlesignon documentation change
Summary
Added clarification about multi-Region KMS key configuration requirements and link to related documentation
Security assessment
The change emphasizes proper KMS key configuration for multi-Region replication, which relates to encryption management but doesn't address a specific security vulnerability. This improves security documentation by clarifying key management requirements without indicating a prior security issue.
Diff
diff --git a/singlesignon/latest/userguide/replicate-to-additional-region.md b/singlesignon/latest/userguide/replicate-to-additional-region.md index b80929e8e..31f595a9f 100644 --- a//singlesignon/latest/userguide/replicate-to-additional-region.md +++ b//singlesignon/latest/userguide/replicate-to-additional-region.md @@ -9 +9 @@ Step 1: Create a replica keyStep 2: Add the RegionStep 3: Update external IdP se -If your environment meets the [prerequisites](./multi-region-iam-identity-center.html#multi-region-prerequisites), follow the steps below to replicate your IAM Identity Center instance to an additional Region: +If your environment meets the [prerequisites](./multi-region-iam-identity-center.html#multi-region-prerequisites), such as configuring IAM Identity Center with a multi-Region customer managed KMS key, complete the following steps to replicate your IAM Identity Center instance to an additional Region. Your primary Region continues to operate normally during and after these steps. @@ -23 +23 @@ AWS KMS doesn't synchronize your KMS key policy across the Regions of your multi -Adding a Region in IAM Identity Center triggers automatic and asynchronous replication of IAM Identity Center data to that Region. Below are instructions for doing this in the AWS Management Console and AWS CLI +Adding a Region in IAM Identity Center triggers automatic replication of IAM Identity Center data to that Region. The replication is asynchronous with eventual consistency. The following tabs provide instructions for doing this in the AWS Management Console and AWS CLI. @@ -38 +38 @@ Console - 5. In the **AWS Regions available for replication** section, choose your preferred AWS Region. If the Region doesn't appear in the list, it's not available for replication because the KMS key hasn't been replicated there. For more information, see _Implementing customer managed KMS keys in IAM Identity Center_. + 5. In the **AWS Regions available for replication** section, choose your preferred AWS Region. If the Region doesn't appear in the list, it's not available for replication because the KMS key hasn't been replicated there. For more information, see [Implementing customer managed KMS keys in AWS IAM Identity Center](./identity-center-customer-managed-keys.html). @@ -129,2 +128,0 @@ IAM Identity Center doesn't replicate data stored in AWS managed applications. A - * **Replication doesn't incur KMS usage charges** \- Replication of data to an additional Region doesn't lead to KMS usage charge. -