AWS audit-manager documentation change
Summary
Added explanation of customer-managed KMS key protection for assessment reports in S3
Security assessment
Explicitly documents how customer-managed keys provide encryption for reports at rest, protecting data even if S3 buckets are compromised. While not fixing a specific vulnerability, this adds security-focused documentation about data protection features.
Diff
diff --git a/audit-manager/latest/userguide/settings-KMS.md b/audit-manager/latest/userguide/settings-KMS.md index ee13ee5f2..17c1f9890 100644 --- a//audit-manager/latest/userguide/settings-KMS.md +++ b//audit-manager/latest/userguide/settings-KMS.md @@ -14,0 +15,2 @@ You can choose how you encrypt your data in AWS Audit Manager. Audit Manager aut +Using a customer managed key also provides an additional layer of protection for your assessment reports. Audit Manager encrypts reports with your KMS key before writing them to Amazon S3. The report contents are unreadable without access to your key. This protects your data even if your assessment report destination S3 bucket is compromised. +