AWS Security ChangesHomeSearch

AWS config documentation change

Service: config · 2026-05-01 · Documentation low

File: config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.md

Summary

Modified rule description to remove 'customer-managed' specificity from KMS key requirement

Security assessment

Change broadens KMS key requirement from 'customer-managed' to general 'KMS key encryption' but doesn't indicate a security vulnerability fix. Appears to be a documentation clarification.

Diff

diff --git a/config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.md b/config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.md
index 3050d0ed4..39b9b3b11 100644
--- a//config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.md
+++ b//config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.md
@@ -11 +11 @@ AWS CloudFormation template
-Checks if SageMaker feature groups have KMS encryption for OfflineStore. The rule is NON_COMPLIANT if offline store S3 storage does not have customer-managed KMS key encryption. 
+Checks if SageMaker feature groups have KMS encryption for OfflineStore. The rule is NON_COMPLIANT if offline store S3 storage does not have KMS key encryption. 
@@ -38 +38 @@ sagemaker-featuregroup-description
-sagemaker-feature-group-tagged
+sagemaker-featuregroup-online-store-encryption