AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-07-13 · Documentation medium

File: cli/latest/reference/synthetics/get-canary.md

Summary

Added documentation for KmsKeyArn field describing customer-managed KMS key encryption for canary environment variables

Security assessment

Introduces documentation for encryption of environment variables at rest using KMS, a security feature improvement without evidence of vulnerability remediation

Diff

diff --git a/cli/latest/reference/synthetics/get-canary.md b/cli/latest/reference/synthetics/get-canary.md
index 2b9811190..e76ab2d30 100644
--- a//cli/latest/reference/synthetics/get-canary.md
+++ b//cli/latest/reference/synthetics/get-canary.md
@@ -15 +15 @@
-  * [AWS CLI 2.35.19 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.21 Command Reference](../../index.html) »
@@ -1126,0 +1127,12 @@ Canary -> (structure)
+> 
+> KmsKeyArn -> (string)
+>
+>> The Amazon Resource Name (ARN) of the customer-managed AWS Key Management Service (AWS KMS) key used to encrypt the canary’s AWS Lambda function environment variables at rest. If you don’t specify a value, the service uses an AWS-managed key.
+>> 
+>> Constraints:
+>> 
+>>   * min: `1`
+>>   * max: `2048`
+>>   * pattern: `arn:(aws[a-zA-Z-]*)?:kms:[a-z]{2,4}(-[a-z]{2,4})?-[a-z]+-\d{1}:\d{12}:key/[\w\-\/]+`
+>> 
+
@@ -1163 +1175 @@ Canary -> (structure)
-  * [AWS CLI 2.35.19 Command Reference](../../index.html) »
+  * [AWS CLI 2.35.21 Command Reference](../../index.html) »