AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2026-06-10 · Documentation low

File: AmazonCloudWatch/latest/monitoring/data-protection.md

Summary

Added 'Encryption at rest' section explaining AWS owned keys and CMK options for OpenTelemetry metrics

Security assessment

Documents encryption mechanisms for data protection but shows no evidence of patching a security vulnerability

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/data-protection.md b/AmazonCloudWatch/latest/monitoring/data-protection.md
index 8f4fe6435..f40cf76d0 100644
--- a//AmazonCloudWatch/latest/monitoring/data-protection.md
+++ b//AmazonCloudWatch/latest/monitoring/data-protection.md
@@ -7 +7 @@
-Encryption in transit
+Encryption at restEncryption in transit
@@ -31,0 +32,6 @@ We strongly recommend that you never put confidential or sensitive information,
+## Encryption at rest
+
+CloudWatch always encrypts data at rest. By default, CloudWatch uses AWS owned keys to encrypt your data. You don't need to take any action to use AWS owned keys.
+
+For CloudWatch Dataset resources, you can optionally use a customer managed key in AWS Key Management Service to encrypt your data. For more information, see [Encryption at rest for OpenTelemetry metrics](./cmk-encryption.html).
+
@@ -44 +50 @@ Security
-Identity and access management
+Encryption at rest for OTel metrics