AWS connect documentation change
Summary
Updated service name references from 'Amazon Connect' to 'Connect Customer' throughout encryption documentation
Security assessment
Change is a branding update replacing 'Amazon Connect' with 'Connect Customer' in key management context. No security vulnerabilities are addressed; existing security controls and encryption behaviors remain unchanged.
Diff
diff --git a/connect/latest/adminguide/key-management.md b/connect/latest/adminguide/key-management.md index ec39b9fad..e7d71e571 100644 --- a//connect/latest/adminguide/key-management.md +++ b//connect/latest/adminguide/key-management.md @@ -9 +9 @@ Connect AI agentsAmazon AppIntegrationsCustomer ProfilesVoice IDOutbound campaig -# Key management in Amazon Connect +# Key management in Connect Customer @@ -13 +13 @@ You can specify AWS KMS keys, including bring your own keys (BYOK), to use for e -When you associate the AWS KMS key to the S3 storage location in Amazon Connect, the API caller's permissions (or the console user's permissions) are used to create a grant on the key with the corresponding Amazon Connect instance service role as the grantee principal. For the service linked role specific to that Amazon Connect instance, the grant allows the role to use the key for encryption and decryption. For example: +When you associate the AWS KMS key to the S3 storage location in Connect Customer, the API caller's permissions (or the console user's permissions) are used to create a grant on the key with the corresponding Connect Customer instance service role as the grantee principal. For the service linked role specific to that Connect Customer instance, the grant allows the role to use the key for encryption and decryption. For example: @@ -15 +15 @@ When you associate the AWS KMS key to the S3 storage location in Amazon Connect, - * If you call the [DisassociateInstanceStorageConfig](https://docs.aws.amazon.com/connect/latest/APIReference/API_DisassociateInstanceStorageConfig.html) API to dissociate the AWS KMS key from the S3 storage location in Amazon Connect, the grant is removed from the key. + * If you call the [DisassociateInstanceStorageConfig](https://docs.aws.amazon.com/connect/latest/APIReference/API_DisassociateInstanceStorageConfig.html) API to dissociate the AWS KMS key from the S3 storage location in Connect Customer, the grant is removed from the key. @@ -17 +17 @@ When you associate the AWS KMS key to the S3 storage location in Amazon Connect, - * If you call the [AssociateInstanceStorageConfig](https://docs.aws.amazon.com/connect/latest/APIReference/API_AssociateInstanceStorageConfig.html) API to associate the AWS KMS key to the S3 storage location in Amazon Connect but you don't have the `kms:CreateGrant` permission, the association will fail. + * If you call the [AssociateInstanceStorageConfig](https://docs.aws.amazon.com/connect/latest/APIReference/API_AssociateInstanceStorageConfig.html) API to associate the AWS KMS key to the S3 storage location in Connect Customer but you don't have the `kms:CreateGrant` permission, the association will fail. @@ -34 +34 @@ The knowledge documents used by Connect AI agents are encrypted by an AWS KMS ke -Amazon AppIntegrations doesn't support BYOK for encryption of configuration data. When syncing external application data, periodically you are required to BYOK. Amazon AppIntegrations requires a grant to use your customer managed key. When you create a data integration, Amazon AppIntegrations sends a `CreateGrant` request to AWS KMS on your behalf. You can revoke access to the grant, or remove the service's access to the customer managed key at any time. If you do, Amazon AppIntegrations won't be able to access any of the data encrypted by the customer managed key, which affects Amazon Connect services that are dependent on that data. +Amazon AppIntegrations doesn't support BYOK for encryption of configuration data. When syncing external application data, periodically you are required to BYOK. Amazon AppIntegrations requires a grant to use your customer managed key. When you create a data integration, Amazon AppIntegrations sends a `CreateGrant` request to AWS KMS on your behalf. You can revoke access to the grant, or remove the service's access to the customer managed key at any time. If you do, Amazon AppIntegrations won't be able to access any of the data encrypted by the customer managed key, which affects Connect Customer services that are dependent on that data. @@ -38 +38 @@ Amazon AppIntegrations doesn't support BYOK for encryption of configuration data -For Customer Profiles, you can specify AWS KMS keys to use for encrypting your data. If you don't specify a customer managed key, Amazon Connect Customer Profiles provides encryption by default for your data at rest using an AWS-owned encryption key. +For Customer Profiles, you can specify AWS KMS keys to use for encrypting your data. If you don't specify a customer managed key, Connect Customer Customer Profiles provides encryption by default for your data at rest using an AWS-owned encryption key. @@ -48 +48 @@ After you enable Data Vault, you can't update KMS keys for your domain or Object -For using Amazon Connect Voice ID, it is mandatory to provide a customer managed key KMS key (BYOK) while creating a Amazon Connect Voice ID domain, which is used to encrypt all the customer data at rest. +For using Connect Customer Voice ID, it is mandatory to provide a customer managed key KMS key (BYOK) while creating a Connect Customer Voice ID domain, which is used to encrypt all the customer data at rest. @@ -60 +60 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Encryption in transit in Amazon Connect +Encryption in transit in Connect Customer