AWS mgn documentation change
Summary
Updated instructions for KMS key configuration, clarifying that per-volume keys in EC2 launch templates override replication snapshot keys
Security assessment
Clarifies encryption key management hierarchy but doesn't address a specific vulnerability. Security impact: improves documentation of data-at-rest protection controls.
Diff
diff --git a/mgn/latest/ug/key-considerations.md b/mgn/latest/ug/key-considerations.md index 48c1e0bcf..c2a047ef8 100644 --- a//mgn/latest/ug/key-considerations.md +++ b//mgn/latest/ug/key-considerations.md @@ -55 +55 @@ If you delete the EC2 launch template, the service creates a new one with defaul -If you wish to set a KMS key, you should do so through the [EBS Encryption ](./replication-server-settings.html#ebs-encryption)section of the replication settings within the AWS Application Migration Service console. +You can set a per-volume KMS key directly in the EC2 launch template's storage section. If set, the launch template KMS key takes precedence over the replication snapshot's key. Alternatively, you can configure encryption through the [EBS Encryption](./replication-server-settings.html#ebs-encryption) section of the replication settings.