AWS Security ChangesHomeSearch

AWS location documentation change

Service: location · 2026-03-28 · Documentation low

File: location/latest/developerguide/encryption-at-rest.md

Summary

Updated multiple API reference links and a KMS cryptographic details link to new URL paths and anchor points. Also updated a link for KMS security best practices.

Security assessment

This change updates documentation links within an existing security feature guide (encryption at rest). The updates are for API references and KMS documentation links, which are routine maintenance to reflect changes in the underlying documentation structure. There is no evidence of a specific security vulnerability being addressed; the content about encryption itself remains unchanged. The link update for KMS best practices does not add new security documentation but points to a potentially restructured page.

Diff

diff --git a/location/latest/developerguide/encryption-at-rest.md b/location/latest/developerguide/encryption-at-rest.md
index 74483b895..d7badb966 100644
--- a//location/latest/developerguide/encryption-at-rest.md
+++ b//location/latest/developerguide/encryption-at-rest.md
@@ -45,5 +45,5 @@ Data type | AWS owned key encryption | Customer managed key encryption (Optional
-`Position`A point geometry containing [the device position details](https://docs.aws.amazon.com/location-trackers/latest/APIReference/API_DevicePosition.html). | Enabled | Enabled  
-`PositionProperties`A set of key-value pairs [associated with the position update](https://docs.aws.amazon.com/location-trackers/latest/APIReference/API_DevicePosition.html). | Enabled | Enabled  
-`GeofenceGeometry`A polygon [geofence geometry](https://docs.aws.amazon.com/location-geofences/latest/APIReference/API_GeofenceGeometry.html) representing the geofenced area. | Enabled | Enabled  
-`DeviceId`The device identifier specified when [uploading a device position update](https://docs.aws.amazon.com/location-trackers/latest/APIReference/API_DevicePositionUpdate.html) to a tracker resource. | Enabled | Not supported  
-`GeofenceId`An identifier specified when [storing a geofence geometry](https://docs.aws.amazon.com/location-geofences/latest/APIReference/API_PutGeofence.html), or a [batch of geofences](https://docs.aws.amazon.com/location-geofences/latest/APIReference/API_BatchPutGeofence.html) in a given geofence collection.  | Enabled | Not supported  
+`Position`A point geometry containing [the device position details](https://docs.aws.amazon.com/location/latest/APIReference/API_WaypointTracking_DevicePosition.html). | Enabled | Enabled  
+`PositionProperties`A set of key-value pairs [associated with the position update](https://docs.aws.amazon.com/location/latest/APIReference/API_WaypointTracking_DevicePosition.html). | Enabled | Enabled  
+`GeofenceGeometry`A polygon [geofence geometry](https://docs.aws.amazon.com/location/latest/APIReference/API_WaypointGeofencing_GeofenceGeometry.html) representing the geofenced area. | Enabled | Enabled  
+`DeviceId`The device identifier specified when [uploading a device position update](https://docs.aws.amazon.com/location/latest/APIReference/API_WaypointTracking_DevicePositionUpdate.html) to a tracker resource. | Enabled | Not supported  
+`GeofenceId`An identifier specified when [storing a geofence geometry](https://docs.aws.amazon.com/location/latest/APIReference/API_WaypointGeofencing_PutGeofence.html), or a [batch of geofences](https://docs.aws.amazon.com/location/latest/APIReference/API_WaypointGeofencing_BatchPutGeofence.html) in a given geofence collection.  | Enabled | Not supported  
@@ -76 +76 @@ Amazon Location requires the grant to use your customer managed key for the foll
-You can revoke access to the grant, or remove the service's access to the customer managed key at any time. If you do, Amazon Location won't be able to access any of the data encrypted by the customer managed key, which affects operations that are dependent on that data. For example, if you attempt to [get device positions](https://docs.aws.amazon.com/location-trackers/latest/APIReference/API_GetDevicePosition.html) from an encrypted tracker that Amazon Location can't access, then the operation would return an `AccessDeniedException` error.
+You can revoke access to the grant, or remove the service's access to the customer managed key at any time. If you do, Amazon Location won't be able to access any of the data encrypted by the customer managed key, which affects operations that are dependent on that data. For example, if you attempt to [get device positions](https://docs.aws.amazon.com/location/latest/APIReference/API_WaypointTracking_GetDevicePosition.html) from an encrypted tracker that Amazon Location can't access, then the operation would return an `AccessDeniedException` error.
@@ -181 +181 @@ An [encryption context](https://docs.aws.amazon.com/kms/latest/developerguide/co
-AWS KMS uses the encryption context as [additional authenticated data](https://docs.aws.amazon.com/kms/latest/cryptographic-details/aad.html) to support [authenticated encryption](https://docs.aws.amazon.com/kms/latest/cryptographic-details/authenticated-encryption.html). When you include an encryption context in a request to encrypt data, AWS KMS binds the encryption context to the encrypted data. To decrypt data, you include the same encryption context in the request.
+AWS KMS uses the encryption context as [additional authenticated data](https://docs.aws.amazon.com/kms/latest/cryptographic-details/crypto-primitives.html) to support [authenticated encryption](https://docs.aws.amazon.com/kms/latest/cryptographic-details/crypto-primitives.html). When you include an encryption context in a request to encrypt data, AWS KMS binds the encryption context to the encrypted data. To decrypt data, you include the same encryption context in the request.
@@ -460 +460 @@ The following resources provide more information about data encryption at rest.
-  * For more information about [Security best practices for AWS Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/best-practices.html), see the _AWS Key Management Service Developer Guide_.
+  * For more information about [Security best practices for AWS Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/kms-security.html), see the _AWS Key Management Service Developer Guide_.