AWS Security ChangesHomeSearch

AWS connect documentation change

Service: connect · 2026-05-10 · Documentation low

File: connect/latest/adminguide/encryption-at-rest.md

Summary

Renamed 'Amazon Connect' to 'Connect Customer' throughout documentation, updated service names (e.g., 'Amazon Connect Cases' to 'Connect Customer Cases'), and made corresponding grammatical adjustments.

Security assessment

This is a branding/terminology change without modifications to security mechanisms. Encryption implementation details (KMS usage, key management, grants) remain identical. No vulnerabilities or security enhancements are introduced.

Diff

diff --git a/connect/latest/adminguide/encryption-at-rest.md b/connect/latest/adminguide/encryption-at-rest.md
index 2fcf503d1..52e1d521a 100644
--- a//connect/latest/adminguide/encryption-at-rest.md
+++ b//connect/latest/adminguide/encryption-at-rest.md
@@ -7 +7 @@
-Amazon AppIntegrationsAmazon Connect CasesAmazon Connect Customer ProfilesConnect AI agentsAmazon Connect Voice ID encryption at restOutbound campaigns encryption at restForecasts, capacity plans, and schedules
+Amazon AppIntegrationsConnect Customer CasesConnect Customer Customer ProfilesConnect AI agentsConnect Customer Voice ID encryption at restOutbound campaigns encryption at restForecasts, capacity plans, and schedules
@@ -9 +9 @@ Amazon AppIntegrationsAmazon Connect CasesAmazon Connect Customer ProfilesConnec
-# Encryption at rest in Amazon Connect
+# Encryption at rest in Connect Customer
@@ -11 +11 @@ Amazon AppIntegrationsAmazon Connect CasesAmazon Connect Customer ProfilesConnec
-Contact data classified as PII, or data that represents customer content being stored by Amazon Connect, is encrypted at rest (that is, before it is put, stored, or saved to a disk) using AWS KMS encryption keys owned by AWS. For information about AWS KMS keys, see [What is AWS Key Management Service?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) in the _AWS Key Management Service Developer Guide_. Contact data in non-temporary storage is encrypted such that data encryption keys generated from the KMS keys are not shared across Amazon Connect instances.
+Contact data classified as PII, or data that represents customer content being stored by Connect Customer, is encrypted at rest (that is, before it is put, stored, or saved to a disk) using AWS KMS encryption keys owned by AWS. For information about AWS KMS keys, see [What is AWS Key Management Service?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) in the _AWS Key Management Service Developer Guide_. Contact data in non-temporary storage is encrypted such that data encryption keys generated from the KMS keys are not shared across Amazon Connect instances.
@@ -15 +15 @@ Amazon S3 server-side encryption is used to encrypt conversation recordings (voi
-  * Recordings intermediately held within Amazon Connect during and after the contact, but before delivery.
+  * Recordings intermediately held within Connect Customer during and after the contact, but before delivery.
@@ -24 +24 @@ The recordings and chat transcripts that are stored in your Amazon S3 bucket are
-For more information about key management in Amazon Connect, see [Key management in Amazon Connect](./key-management.html).
+For more information about key management in Connect Customer, see [Key management in Connect Customer](./key-management.html).
@@ -30 +30 @@ For more information about key management in Amazon Connect, see [Key management
-  * Amazon Connect Cases
+  * Connect Customer Cases
@@ -32 +32 @@ For more information about key management in Amazon Connect, see [Key management
-  * Amazon Connect Customer Profiles
+  * Connect Customer Customer Profiles
@@ -36 +36 @@ For more information about key management in Amazon Connect, see [Key management
-  * Amazon Connect Voice ID encryption at rest
+  * Connect Customer Voice ID encryption at rest
@@ -62 +62 @@ Amazon AppIntegrations requires the grant to use the customer managed key for th
-## Amazon Connect Cases encryption at rest
+## Connect Customer Cases encryption at rest
@@ -64 +64 @@ Amazon AppIntegrations requires the grant to use the customer managed key for th
-All customer provided data in case fields, case comments, descriptions of the fields and templates stored by Amazon Connect Cases is encrypted at rest using encryption keys stored in AWS Key Management Service (AWS KMS). 
+All customer provided data in case fields, case comments, descriptions of the fields and templates stored by Connect Customer Cases is encrypted at rest using encryption keys stored in AWS Key Management Service (AWS KMS). 
@@ -66 +66 @@ All customer provided data in case fields, case comments, descriptions of the fi
-Amazon Connect Cases service owns, manages, monitors, and rotates the encryption keys (that is, AWS owned keys) to meet the high security standards. Payload of the case event streams is temporarily (typically for a few seconds) stored in Amazon EventBridge before it is made available through the default-bus in customers account. EventBridge also encrypts the entire payload at rest using AWS owned keys.
+Connect Customer Cases service owns, manages, monitors, and rotates the encryption keys (that is, AWS owned keys) to meet the high security standards. Payload of the case event streams is temporarily (typically for a few seconds) stored in Amazon EventBridge before it is made available through the default-bus in customers account. EventBridge also encrypts the entire payload at rest using AWS owned keys.
@@ -68 +68 @@ Amazon Connect Cases service owns, manages, monitors, and rotates the encryption
-## Amazon Connect Customer Profiles encryption at rest
+## Connect Customer Customer Profiles encryption at rest
@@ -70 +70 @@ Amazon Connect Cases service owns, manages, monitors, and rotates the encryption
-All user data stored in Amazon Connect Customer Profiles is encrypted at rest. Amazon Connect Customer Profiles encryption at rest provides enhanced security by encrypting all your data at rest using encryption keys stored in AWS Key Management Service (AWS KMS). This functionality helps reduce the operational burden and complexity involved in protecting sensitive data. With encryption at rest, you can build security-sensitive applications that meet strict encryption compliance and regulatory requirements.
+All user data stored in Connect Customer Customer Profiles is encrypted at rest. Connect Customer Customer Profiles encryption at rest provides enhanced security by encrypting all your data at rest using encryption keys stored in AWS Key Management Service (AWS KMS). This functionality helps reduce the operational burden and complexity involved in protecting sensitive data. With encryption at rest, you can build security-sensitive applications that meet strict encryption compliance and regulatory requirements.
@@ -76 +76 @@ When creating a new domain, you must provide a [KMS key](https://docs.aws.amazon
-You can specify an encryption key when you create a new domain or profile object type or switch the encryption keys on an existing resources by using the AWS Command Line Interface (AWS CLI), or the Amazon Connect Customer Profiles Encryption API. When you choose a customer managed key, Amazon Connect Customer Profiles creates a grant to the customer managed key that grants it access to the customer managed key.
+You can specify an encryption key when you create a new domain or profile object type or switch the encryption keys on an existing resources by using the AWS Command Line Interface (AWS CLI), or the Connect Customer Customer Profiles Encryption API. When you choose a customer managed key, Connect Customer Customer Profiles creates a grant to the customer managed key that grants it access to the customer managed key.
@@ -86 +86 @@ AWS KMS charges apply when using a key that you provide. For more information ab
-## Amazon Connect Voice ID encryption at rest
+## Connect Customer Voice ID encryption at rest
@@ -88 +88 @@ AWS KMS charges apply when using a key that you provide. For more information ab
-Amazon Connect Voice ID stores customer voiceprints which cannot be reverse-engineered to obtain the enrolled customer's speech or identify a customer. All user data stored in Amazon Connect Voice ID is encrypted at rest. When creating a new Voice ID domain, you must provide a customer managed key that the service uses to encrypt your data at rest. The customer managed key is created, owned, and managed by you. You have full control over the key.
+Connect Customer Voice ID stores customer voiceprints which cannot be reverse-engineered to obtain the enrolled customer's speech or identify a customer. All user data stored in Connect Customer Voice ID is encrypted at rest. When creating a new Voice ID domain, you must provide a customer managed key that the service uses to encrypt your data at rest. The customer managed key is created, owned, and managed by you. You have full control over the key.
@@ -94 +94 @@ When you change the KMS key, an asynchronous process will be triggered to re-enc
-Voice ID creates a grant to the customer managed key that grants it access to the key. For more information, see How Amazon Connect Voice ID uses grants in AWS KMS. 
+Voice ID creates a grant to the customer managed key that grants it access to the key. For more information, see How Connect Customer Voice ID uses grants in AWS KMS. 
@@ -111 +111 @@ AWS KMS charges apply for a customer managed key. For more information about pri
-### How Amazon Connect Voice ID uses grants in AWS KMS
+### How Connect Customer Voice ID uses grants in AWS KMS
@@ -113 +113 @@ AWS KMS charges apply for a customer managed key. For more information about pri
-Amazon Connect Voice ID requires a grant to use your customer managed key. When you create a domain, Voice ID creates a grant on your behalf by sending a see [CreateGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) request to AWS KMS. The grant is required to use your customer managed key for the following internal operations:
+Connect Customer Voice ID requires a grant to use your customer managed key. When you create a domain, Voice ID creates a grant on your behalf by sending a see [CreateGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) request to AWS KMS. The grant is required to use your customer managed key for the following internal operations:
@@ -193 +193 @@ You can use the encryption context in key policies and IAM policies as condition
-Amazon Connect Voice ID uses an encryption context constraint in grants to control access to the customer managed key in your account or Region. The grant constraint requires that the operations that the grant allows use the specified encryption context.
+Connect Customer Voice ID uses an encryption context constraint in grants to control access to the customer managed key in your account or Region. The grant constraint requires that the operations that the grant allows use the specified encryption context.
@@ -469 +469 @@ ReEncrypt
-Outbound campaigns stores customer phone numbers and relevant attributes. This information is always encrypted at rest, using either a customer managed key or an AWS owned key. The data is separated by the Amazon Connect instance ID and is encrypted by instance specific keys. 
+Outbound campaigns stores customer phone numbers and relevant attributes. This information is always encrypted at rest, using either a customer managed key or an AWS owned key. The data is separated by the Connect Customer instance ID and is encrypted by instance specific keys. 
@@ -475 +475 @@ The service uses your customer-managed key to encrypt sensitive data at rest. Th
-If you do not provide your own customer managed key, then Outbound campaigns encrypts sensitive data at rest using an AWS owned key specific to your Amazon Connect instance. You can't view, manage, use, or audit AWS owned keys. However, you don't have to take any action or change any programs to protect the keys that encrypt your data. For more information, see [AWS owned keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk) in the _AWS Key Management Service Developer Guide_. 
+If you do not provide your own customer managed key, then Outbound campaigns encrypts sensitive data at rest using an AWS owned key specific to your Connect Customer instance. You can't view, manage, use, or audit AWS owned keys. However, you don't have to take any action or change any programs to protect the keys that encrypt your data. For more information, see [AWS owned keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk) in the _AWS Key Management Service Developer Guide_. 
@@ -481 +481 @@ AWS KMS charges apply for a customer managed key. For more information about pri
-Outbound campaigns requires a grant to use your customer managed key. When you onboard to outbound campaigns using the AWS console or the `StartInstanceOnboardingJob` API, Outbound campaigns creates a grant on your behalf by sending a `CreateGrant` request to AWS KMS. Grants in AWS KMS are used to give the Amazon Connect Outbound campaigns service-linked role access to a KMS key in your account. 
+Outbound campaigns requires a grant to use your customer managed key. When you onboard to outbound campaigns using the AWS console or the `StartInstanceOnboardingJob` API, Outbound campaigns creates a grant on your behalf by sending a `CreateGrant` request to AWS KMS. Grants in AWS KMS are used to give the Connect Customer Outbound campaigns service-linked role access to a KMS key in your account. 
@@ -870 +870 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Data handled by Amazon Connect
+Data handled by Connect Customer
@@ -872 +872 @@ Data handled by Amazon Connect
-Encryption in transit in Amazon Connect
+Encryption in transit in Connect Customer