AWS kms documentation change
Summary
Enhanced deletion warning message to include last used information and clarified that keys become immediately unusable after scheduling deletion
Security assessment
The changes improve user awareness about key usage but don't address any specific vulnerability or weakness. The added warnings are preventive best practices, not responses to security incidents.
Diff
diff --git a/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.md b/kms/latest/developerguide/deleting-keys-scheduling-key-deletion.md index 5f697a8ae..bf5ecf067 100644 --- a//kms/latest/developerguide/deleting-keys-scheduling-key-deletion.md +++ b//kms/latest/developerguide/deleting-keys-scheduling-key-deletion.md @@ -35 +35 @@ You cannot schedule the deletion of [AWS managed keys](./concepts.html#aws-manag - 6. Read and consider the warning, and the information about canceling the deletion during the waiting period. If you decide to cancel the deletion, at the bottom of the page, choose **Cancel**. + 6. Read and consider the warning, and the information about canceling the deletion during the waiting period. The warning includes the number of selected keys that were recently used in cryptographic operations. The table displays a **Last used** column that shows when each KMS key was last used. If you decide to cancel the deletion, at the bottom of the page, choose **Cancel**. @@ -41 +41 @@ You cannot schedule the deletion of [AWS managed keys](./concepts.html#aws-manag - 9. Choose the check box next to **Confirm you want to schedule this key for deletion in`<number of days>` days.**. + 9. Choose the check box next to **I confirm that I want to schedule these keys for deletion. The keys will become immediately unusable for cryptographic operations. After the`<number of days>` day waiting period, the keys will be permanently deleted.**