AWS AmazonRDS documentation change
Summary
Added clarification that AWS owned keys cannot be used when restoring snapshots originally encrypted with AWS managed or customer managed keys
Security assessment
This change documents a restriction in encryption key usage during snapshot restoration. While it enhances documentation of security features (encryption key management), there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.md b/AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.md index 8d5a911f5..ff5e357f1 100644 --- a//AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.md +++ b//AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.md @@ -69 +69 @@ Using AWS KMS, you can create customer managed keys and define the policies to c - * Restore the snapshot and enable encryption with your desired KMS key during the restore operation. + * Restore the snapshot and enable encryption with your desired KMS key during the restore operation. You cannot enable encryption with an AWS owned key if your cluster was originally encrypted with an AWS managed key or a customer managed key.