AWS datasync documentation change
Summary
Added links to documentation for CmkSecretConfig and CustomSecretConfig parameters explaining how to use service-managed secrets with custom KMS keys and customer-managed secrets.
Security assessment
This change only adds reference links to existing security documentation. It improves documentation clarity but doesn't introduce new security features or address any security vulnerability.
Diff
diff --git a/datasync/latest/userguide/API_CreateLocationObjectStorage.md b/datasync/latest/userguide/API_CreateLocationObjectStorage.md index 807d661cd..dd0df19a5 100644 --- a//datasync/latest/userguide/API_CreateLocationObjectStorage.md +++ b//datasync/latest/userguide/API_CreateLocationObjectStorage.md @@ -100 +100 @@ When you include this parameter as part of a `CreateLocationObjectStorage` reque -Make sure that DataSync has permission to access the KMS key that you specify. +Make sure that DataSync has permission to access the KMS key that you specify. For more information, see [ Using a service-managed secret encrypted with a custom AWS KMS key](https://docs.aws.amazon.com/datasync/latest/userguide/location-credentials.html#service-secret-custom-key). @@ -113 +113 @@ Required: No -Specifies configuration information for a customer-managed Secrets Manager secret where the secret key for a specific object storage location is stored in plain text, in Secrets Manager. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret. +Specifies configuration information for a customer-managed Secrets Manager secret where the secret key for a specific object storage location is stored in plain text, in Secrets Manager. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret. For more information, see [ Using a secret that you manage](https://docs.aws.amazon.com/datasync/latest/userguide/location-credentials.html#custom-secret-custom-key).