AWS config documentation change
Summary
Modified rule description to remove 'customer-managed' specificity from KMS key requirement
Security assessment
Change broadens KMS key requirement from 'customer-managed' to general 'KMS key encryption' but doesn't indicate a security vulnerability fix. Appears to be a documentation clarification.
Diff
diff --git a/config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.md b/config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.md index 3050d0ed4..39b9b3b11 100644 --- a//config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.md +++ b//config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.md @@ -11 +11 @@ AWS CloudFormation template -Checks if SageMaker feature groups have KMS encryption for OfflineStore. The rule is NON_COMPLIANT if offline store S3 storage does not have customer-managed KMS key encryption. +Checks if SageMaker feature groups have KMS encryption for OfflineStore. The rule is NON_COMPLIANT if offline store S3 storage does not have KMS key encryption. @@ -38 +38 @@ sagemaker-featuregroup-description -sagemaker-feature-group-tagged +sagemaker-featuregroup-online-store-encryption