AWS Security ChangesHomeSearch

AWS mgn documentation change

Service: mgn · 2026-05-19 · Documentation low

File: mgn/latest/ug/key-considerations.md

Summary

Updated instructions for KMS key configuration, clarifying that per-volume keys in EC2 launch templates override replication snapshot keys

Security assessment

Clarifies encryption key management hierarchy but doesn't address a specific vulnerability. Security impact: improves documentation of data-at-rest protection controls.

Diff

diff --git a/mgn/latest/ug/key-considerations.md b/mgn/latest/ug/key-considerations.md
index 48c1e0bcf..c2a047ef8 100644
--- a//mgn/latest/ug/key-considerations.md
+++ b//mgn/latest/ug/key-considerations.md
@@ -55 +55 @@ If you delete the EC2 launch template, the service creates a new one with defaul
-If you wish to set a KMS key, you should do so through the [EBS Encryption ](./replication-server-settings.html#ebs-encryption)section of the replication settings within the AWS Application Migration Service console.
+You can set a per-volume KMS key directly in the EC2 launch template's storage section. If set, the launch template KMS key takes precedence over the replication snapshot's key. Alternatively, you can configure encryption through the [EBS Encryption](./replication-server-settings.html#ebs-encryption) section of the replication settings.