AWS Security ChangesHomeSearch

AWS systems-manager documentation change

Service: systems-manager · 2026-05-10 · Documentation low

File: systems-manager/latest/userguide/secure-string-parameter-kms-encryption.md

Summary

Updated hyperlink text from 'Managing parameter tiers' to 'Managing tiers'

Security assessment

The change is a minor documentation edit that only modifies anchor text for an existing link. It doesn't alter security-related content about KMS encryption, parameter tiers, or encryption methods. No security implications are present.

Diff

diff --git a/systems-manager/latest/userguide/secure-string-parameter-kms-encryption.md b/systems-manager/latest/userguide/secure-string-parameter-kms-encryption.md
index 03c310e1a..c58ca0294 100644
--- a//systems-manager/latest/userguide/secure-string-parameter-kms-encryption.md
+++ b//systems-manager/latest/userguide/secure-string-parameter-kms-encryption.md
@@ -21 +21 @@ Parameter Store supports only [symmetric KMS keys](https://docs.aws.amazon.com/k
-Parameter Store supports two tiers of `SecureString` parameters: _standard_ and _advanced_. Standard parameters, which cannot exceed 4096 bytes, are encrypted and decrypted directly under the KMS key that you specify. To encrypt and decrypt advanced `SecureString` parameters, Parameter Store uses envelope encryption with the [AWS Encryption SDK](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/). You can convert a standard `SecureString` parameter to an advanced parameter, but you cannot convert an advanced parameter to a standard one. For more information about the difference between standard and advanced `SecureString` parameters, see [Managing parameter tiers](./parameter-store-advanced-parameters.html).
+Parameter Store supports two tiers of `SecureString` parameters: _standard_ and _advanced_. Standard parameters, which cannot exceed 4096 bytes, are encrypted and decrypted directly under the KMS key that you specify. To encrypt and decrypt advanced `SecureString` parameters, Parameter Store uses envelope encryption with the [AWS Encryption SDK](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/). You can convert a standard `SecureString` parameter to an advanced parameter, but you cannot convert an advanced parameter to a standard one. For more information about the difference between standard and advanced `SecureString` parameters, see [Managing tiers](./parameter-store-advanced-parameters.html).