AWS Security ChangesHomeSearch

AWS audit-manager documentation change

Service: audit-manager · 2026-06-13 · Documentation medium

File: audit-manager/latest/userguide/settings-KMS.md

Summary

Added explanation of customer-managed KMS key protection for assessment reports in S3

Security assessment

Explicitly documents how customer-managed keys provide encryption for reports at rest, protecting data even if S3 buckets are compromised. While not fixing a specific vulnerability, this adds security-focused documentation about data protection features.

Diff

diff --git a/audit-manager/latest/userguide/settings-KMS.md b/audit-manager/latest/userguide/settings-KMS.md
index ee13ee5f2..17c1f9890 100644
--- a//audit-manager/latest/userguide/settings-KMS.md
+++ b//audit-manager/latest/userguide/settings-KMS.md
@@ -14,0 +15,2 @@ You can choose how you encrypt your data in AWS Audit Manager. Audit Manager aut
+Using a customer managed key also provides an additional layer of protection for your assessment reports. Audit Manager encrypts reports with your KMS key before writing them to Amazon S3. The report contents are unreadable without access to your key. This protects your data even if your assessment report destination S3 bucket is compromised.
+