AWS AmazonCloudWatch documentation change
Summary
Added 'Encryption at rest' section explaining AWS owned keys and CMK options for OpenTelemetry metrics
Security assessment
Documents encryption mechanisms for data protection but shows no evidence of patching a security vulnerability
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/data-protection.md b/AmazonCloudWatch/latest/monitoring/data-protection.md index 8f4fe6435..f40cf76d0 100644 --- a//AmazonCloudWatch/latest/monitoring/data-protection.md +++ b//AmazonCloudWatch/latest/monitoring/data-protection.md @@ -7 +7 @@ -Encryption in transit +Encryption at restEncryption in transit @@ -31,0 +32,6 @@ We strongly recommend that you never put confidential or sensitive information, +## Encryption at rest + +CloudWatch always encrypts data at rest. By default, CloudWatch uses AWS owned keys to encrypt your data. You don't need to take any action to use AWS owned keys. + +For CloudWatch Dataset resources, you can optionally use a customer managed key in AWS Key Management Service to encrypt your data. For more information, see [Encryption at rest for OpenTelemetry metrics](./cmk-encryption.html). + @@ -44 +50 @@ Security -Identity and access management +Encryption at rest for OTel metrics