AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-07-13 · Documentation medium

File: cli/latest/reference/synthetics/describe-canaries.md

Summary

Added documentation for KmsKeyArn field describing customer-managed KMS key encryption for canary environment variables

Security assessment

The change documents encryption capability for environment variables using customer-managed KMS keys, enhancing security posture but not addressing a specific vulnerability

Diff

diff --git a/cli/latest/reference/synthetics/describe-canaries.md b/cli/latest/reference/synthetics/describe-canaries.md
index 227d04193..4589c339c 100644
--- a//cli/latest/reference/synthetics/describe-canaries.md
+++ b//cli/latest/reference/synthetics/describe-canaries.md
@@ -15 +15 @@
-  * [AWS CLI 2.35.19 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.21 Command Reference](../../index.html) »
@@ -1167,0 +1168,12 @@ Canaries -> (list)
+>> 
+>> KmsKeyArn -> (string)
+>>
+>>> The Amazon Resource Name (ARN) of the customer-managed AWS Key Management Service (AWS KMS) key used to encrypt the canary’s AWS Lambda function environment variables at rest. If you don’t specify a value, the service uses an AWS-managed key.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `2048`
+>>>   * pattern: `arn:(aws[a-zA-Z-]*)?:kms:[a-z]{2,4}(-[a-z]{2,4})?-[a-z]+-\d{1}:\d{12}:key/[\w\-\/]+`
+>>> 
+
@@ -1215 +1227 @@ NextToken -> (string)
-  * [AWS CLI 2.35.19 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.21 Command Reference](../../index.html) »