This repository was archived by the owner on Jun 15, 2023. It is now read-only.
doc_source/S3-artifact-encryption.md
Lines changed: 15 additions & 15 deletions
@@ -1,13 +1,13 @@
1
1
# Configure server\-side encryption for artifacts stored in Amazon S3 for CodePipeline<aname="S3-artifact-encryption"></a>
2
2
3
3
There are two ways to configure server\-side encryption for Amazon S3 artifacts:
4
-
+ CodePipeline creates an S3 artifact bucket and default AWS managed CMK when you create a pipeline using the Create Pipeline wizard\. The AWS managed CMK is encrypted along with object data and managed by AWS\.
5
-
+ You can create and manage your own customer managed CMK\.
4
+
+ CodePipeline creates an S3 artifact bucket and default AWS managed key when you create a pipeline using the Create Pipeline wizard\. The AWS managed key is encrypted along with object data and managed by AWS\.
5
+
+ You can create and manage your own customer managed key\.
6
6
7
7
**Important**
8
-
CodePipeline only supports symmetric customer master keys\(CMKs\)\. Do not use an asymmetric CMK to encrypt the data in your S3 bucket\.
8
+
CodePipeline only supports symmetric KMS keys\. Do not use an asymmetric KMS key to encrypt the data in your S3 bucket\.
9
9
10
-
If you are using the default S3 key, you cannot change or delete this AWS managed CMK\. If you are using a customer managed CMK in AWS KMS to encrypt or decrypt artifacts in the S3 bucket, you can change or rotate this customer managed CMK as necessary\.
10
+
If you are using the default S3 key, you cannot change or delete this AWS managed key\. If you are using a customer managed key in AWS KMS to encrypt or decrypt artifacts in the S3 bucket, you can change or rotate this customer managed key as necessary\.
11
11
12
12
Amazon S3 supports bucket policies that you can use if you require server\-side encryption for all objects that are stored in your bucket\. For example, the following bucket policy denies upload object \(`s3:PutObject`\) permission to everyone if the request does not include the `x-amz-server-side-encryption` header requesting server\-side encryption with SSE\-KMS\.
13
13
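Review bot: The sentence kept at new line 4, "The AWS managed key is encrypted along with object data and managed by AWS", reads as though the key itself is stored encrypted next to each object; since this hunk already rewords the paragraph, consider saying instead that the object data is encrypted under the AWS managed key, which AWS stores and manages. The rest of the hunk is a clean CMK-to-key rename.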
@@ -44,23 +44,23 @@ Amazon S3 supports bucket policies that you can use if you require server\-side
44
44
}
45
45
```
46
46
47
-
For more information about server\-side encryption and AWS KMS, see [Protecting Data Using Server\-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) and [Protecting Data Using Server\-Side Encryption with CMKs Stored in AWS Key Management Service \(SSE\-KMS\)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html)\.
47
+
For more information about server\-side encryption and AWS KMS, see [Protecting Data Using Server\-Side Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html) and [Protecting data using server\-side encryption with KMS keys stored in AWS Key Management Service \(SSE\-KMS\)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html)\.
48
48
49
49
For more information about AWS KMS, see the [AWS Key Management Service Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/)\.
50
50
51
51
**Topics**
52
-
+[View your AWS managed CMK](#S3-view-default-keys)
52
+
+[View your AWS managed key](#S3-view-default-keys)
53
53
+[Configure server\-side encryption for S3 buckets using AWS CloudFormation or the AWS CLI](#S3-rotate-customer-key)
54
54
55
-
### View your AWS managed CMK<aname="S3-view-default-keys"></a>
55
+
### View your AWS managed key<aname="S3-view-default-keys"></a>
56
56
57
-
When you use the **Create Pipeline** wizard to create your first pipeline, an S3 bucket is created for you in the same Region you created the pipeline\. The bucket is used to store pipeline artifacts\. When a pipeline runs, artifacts are put into and retrieved from the S3 bucket\. By default, CodePipeline uses server\-side encryption with AWS KMS using the AWS managed CMK for Amazon S3 \(the `aws/s3` key\)\. This AWS managed CMK is created and stored in your AWS account\. When artifacts are retrieved from the S3 bucket, CodePipeline uses the same SSE\-KMS process to decrypt the artifact\.
57
+
When you use the **Create Pipeline** wizard to create your first pipeline, an S3 bucket is created for you in the same Region you created the pipeline\. The bucket is used to store pipeline artifacts\. When a pipeline runs, artifacts are put into and retrieved from the S3 bucket\. By default, CodePipeline uses server\-side encryption with AWS KMS using the AWS managed key for Amazon S3 \(the `aws/s3` key\)\. This AWS managed key is created and stored in your AWS account\. When artifacts are retrieved from the S3 bucket, CodePipeline uses the same SSE\-KMS process to decrypt the artifact\.
58
58
59
-
**To view information about your AWS managed CMK**
59
+
**To view information about your AWS managed key**
60
60
61
61
1. Sign in to the AWS Management Console and open the AWS KMS console\.
62
62
63
-
1. If a welcome page appears, choose **Get Started Now**\.
63
+
1. If a welcome page appears, choose **Get started now**\.
64
64
65
65
1. In the service navigation pane, choose **AWS managed keys**\.
66
66
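Review bot: The two link titles on new line 47 are now in different cases: the first, "Protecting Data Using Server-Side Encryption", keeps title case while the second was updated to sentence case ("Protecting data using server-side encryption with KMS keys ..."); update the first to match, or check whether the S3 guide still uses that title. The anchor `#S3-view-default-keys` is preserved across the heading rename, so existing links keep working.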
@@ -74,13 +74,13 @@ When you use the **Create Pipeline** wizard to create your first pipeline, an S3
74
74
75
75
### Configure server\-side encryption for S3 buckets using AWS CloudFormation or the AWS CLI<aname="S3-rotate-customer-key"></a>
76
76
77
-
When you use AWS CloudFormation or the AWS CLI to create a pipeline, you must configure server\-side encryption manually\. Use the sample bucket policy above, and then create your own customer managed CMK\. You can also use your own keys instead of the AWS managed CMK\. Some reasons to choose your own key include:
77
+
When you use AWS CloudFormation or the AWS CLI to create a pipeline, you must configure server\-side encryption manually\. Use the sample bucket policy above, and then create your owncustomer managed key\. You can also use your own keys instead of the AWS managed key\. Some reasons to choose your own key include:
78
78
+ You want to rotate the key on a schedule to meet business or security requirements for your organization\.
79
-
+ You want to create a pipeline that uses resources associated with another AWS account\. This requires the use of a customer managed CMK\. For more information, see [Create a pipeline in CodePipeline that uses resources from another AWS account](pipelines-create-cross-account.md)\.
79
+
+ You want to create a pipeline that uses resources associated with another AWS account\. This requires the use of a customer managed key\. For more information, see [Create a pipeline in CodePipeline that uses resources from another AWS account](pipelines-create-cross-account.md)\.
80
80
81
-
Cryptographic best practices discourage extensive reuse of encryption keys\. As a best practice, rotate your key on a regular basis\. To create new cryptographic material for your AWS KMS keys, you can create a customer managed CMK, and then change your applications or aliases to use the new customer managed CMK\. Or, you can enable automatic key rotation for an existing customer managed CMK\.
81
+
Cryptographic best practices discourage extensive reuse of encryption keys\. As a best practice, rotate your key on a regular basis\. To create new cryptographic material for your AWS KMS keys, you can create a customer managed key, and then change your applications or aliases to use the new customer managed key\. Or, you can enable automatic key rotation for an existing customer managed key\.
82
82
83
-
To rotate your customer managed CMK, see [Rotating Customer Master Keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)\.
83
+
To rotate your customer managed key, see [Rotating keys](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)\.
84
84
85
85
**Important**
86
-
CodePipeline only supports symmetric customer master keys\(CMKs\)\. Do not use an asymmetric CMK to encrypt the data in your S3 bucket\.
86
+
CodePipeline only supports symmetric KMS keys\. Do not use an asymmetric KMS key to encrypt the data in your S3 bucket\.
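Review bot: New line 77 introduces a typo, "create your owncustomer managed key"; restore the space before "customer". Also, the heading "Configure server-side encryption for S3 buckets using AWS CloudFormation or the AWS CLI" still carries the anchor `S3-rotate-customer-key`, which no longer describes its content; leave it if external links depend on it, otherwise consider renaming it together with the Topics entry. The "Important" note about symmetric keys is now repeated verbatim at lines 8 and 86 of this file.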
doc_source/actions-create-custom-action.md
Lines changed: 1 addition & 1 deletion
@@ -237,7 +237,7 @@ After you have mapped out your high\-level workflow, you can create your job wor
237
237
+ Acknowledging jobs and returning results to CodePipeline using `AcknowledgeJob`, `PutJobSuccessResult`, and `PutJobFailureResult`\.
238
238
+ Retrieving artifacts from and/or putting artifacts into the Amazon S3 bucket for the pipeline\. To download artifacts from the Amazon S3 bucket, you must create an Amazon S3 client that uses Signature Version 4 signing \(Sig V4\)\. Sig V4 is required for AWS KMS\.
239
239
240
-
To upload artifacts to the Amazon S3 bucket, you must additionally configure the Amazon S3 `[PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/SOAPPutObject.html)` request to use encryption\. Currently only AWS Key Management Service \(AWS KMS\) is supported for encryption\. AWS KMS uses customer master keys\(CMKs\)\. In order to know whether to use the AWS managed CMK or a customer managed CMK to upload artifacts, your custom job worker must look at the [job data](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_JobData.html) and check the [encryption key](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_EncryptionKey.html) property\. If the property is set, you should use that customer managed CMK ID when configuring AWS KMS\. If the key property is null, you use the AWS managed CMK\. CodePipeline uses the AWS managed CMK unless otherwise configured\.
240
+
To upload artifacts to the Amazon S3 bucket, you must additionally configure the Amazon S3 `[PutObject](https://docs.aws.amazon.com/AmazonS3/latest/API/SOAPPutObject.html)` request to use encryption\. Currently only AWS Key Management Service \(AWS KMS\) is supported for encryption\. AWS KMS uses AWS KMS keys\. In order to know whether to use an AWS managed key or a customer managed key to upload artifacts, your custom job worker must look at the [job data](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_JobData.html) and check the [encryption key](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_EncryptionKey.html) property\. If the property is set, you should use that customer managed key ID when configuring AWS KMS\. If the key property is null, you use the AWS managed key\. CodePipeline uses the AWS managed key unless otherwise configured\.
241
241
242
242
For an example that shows how to create the AWS KMS parameters in Java or \.NET, see [Specifying the AWS Key Management Service in Amazon S3 Using the AWS SDKs](https://docs.aws.amazon.com/AmazonS3/latest/dev/kms-using-sdks.html)\. For more information about the Amazon S3 bucket for CodePipeline, see [CodePipeline concepts](concepts.md)\.
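Review bot: `[PutObject](https://...)` is wrapped in backticks on both the old and new line 240, so Markdown renders the link syntax literally instead of as a link; move the backticks inside the link text. "AWS KMS uses AWS KMS keys" on the new line is circular after the rename; either drop it or say what the job worker actually needs to know, that the key is a symmetric KMS key identified by the encryption key property of the job data.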
doc_source/create-cwe-ecr-source-cli.md
Lines changed: 1 addition & 1 deletion
@@ -6,7 +6,7 @@ Call the put\-rule command, specifying:
6
6
7
7
**To create a CloudWatch Events rule with Amazon ECR as the event source and CodePipeline as the target**
8
8
9
-
1. Add permissions for Amazon CloudWatch Events to use CodePipeline to invoke the rule\. For more information, see [Using Resource\-Based Policies for Amazon CloudWatch Events](http://docs.aws.amazon.com/AmazonCloudWatch/latest/events/resource-based-policies-cwe.html)\.
9
+
1. Add permissions for Amazon CloudWatch Events to use CodePipeline to invoke the rule\. For more information, see [Using resource\-based policies for Amazon EventBridge](http://docs.aws.amazon.com/eventbridge/latest/userguide/eb-use-resource-based.html)\.
10
10
11
11
1. Use the following sample to create the trust policy that allows CloudWatch Events to assume the service role\. Name the trust policy `trustpolicyforCWE.json`\.
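Review bot: The link target and title on new line 9 now refer to Amazon EventBridge, but the step text and the surrounding procedure (line 7, line 11, `trustpolicyforCWE.json`) still say CloudWatch Events; either rename consistently or add a sentence noting that CloudWatch Events is now EventBridge. The new URL also uses http rather than https.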
doc_source/customer-managed-policies.md
Lines changed: 1 addition & 1 deletion
@@ -274,7 +274,7 @@ The following example shows a policy configured by AccountA for an S3 bucket use
274
274
}
275
275
```
276
276
277
-
The following example shows a policy configured by AccountA that allows AccountB to assume a role\. This policy must be applied to the service role for CodePipeline \(`AWS-CodePipeline-Service`\)\. For more information about how to apply policies to roles in IAM, see [Modifying a Role](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing.html)\. In the following example, `012ID_ACCOUNT_B` is the ARN for AccountB:
277
+
The following example shows a policy configured by AccountA that allows AccountB to assume a role\. This policy must be applied to the service role for CodePipeline \(`CodePipeline_Service_Role`\)\. For more information about how to apply policies to roles in IAM, see [Modifying a Role](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing.html)\. In the following example, `012ID_ACCOUNT_B` is the ARN for AccountB:
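Review bot: The role name changes to `CodePipeline_Service_Role` on new line 277, but the sentence still says the policy "must be applied to the service role", which implies one fixed name; confirm this matches the role name the console and the other topics in this guide use. Separately, `012ID_ACCOUNT_B` is described as "the ARN for AccountB" although it looks like an account ID placeholder; check which it is in the example that follows and describe it accordingly.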
doc_source/data-protection.md
Lines changed: 4 additions & 4 deletions
@@ -10,7 +10,7 @@ For data protection purposes, we recommend that you protect AWS account credenti
10
10
+ Use advanced managed security services such as Amazon Macie, which assists in discovering and securing personal data that is stored in Amazon S3\.
11
11
+ If you require FIPS 140\-2 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS endpoint\. For more information about the available FIPS endpoints, see [Federal Information Processing Standard \(FIPS\) 140\-2](http://aws.amazon.com/compliance/fips/)\.
12
12
13
-
We strongly recommend that you never put sensitive identifying information, such as your customers' account numbers, into free\-form fields such as a **Name** field\. This includes when you work with CodePipeline or other AWS services using the console, API, AWS CLI, or AWS SDKs\. Any data that you enter into CodePipeline or other services might get picked up for inclusion in diagnostic logs\.When you provide a URL to an external server, don't include credentials information in the URL to validate your request to that server\.
13
+
We strongly recommend that you never put confidential or sensitive information, such as your customers' email addresses, into tags or free\-form fields such as a **Name** field\. This includes when you work with CodePipeline or other AWS services using the console, API, AWS CLI, or AWS SDKs\. Any data that you enter into tags or free\-form fields used for names may be used for billing or diagnostic logs\.If you provide a URL to an external server, we strongly recommend that you do not include credentials information in the URL to validate your request to that server\.
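Review bot: New line 13 still has the missing space after the period in "diagnostic logs\.If you provide", carried over from the old text; fix it while rewording. The new wording widens the scope from "sensitive identifying information" to "confidential or sensitive information" and adds tags and billing, which is consistent, but the example changed from account numbers to email addresses; keep both if the point is that any such value can end up in logs or bills.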
@@ -24,18 +24,18 @@ To connect your VPC to CodePipeline, you define an interface VPC endpoint for Co
24
24
25
25
## Encryption at rest<aname="encryption-at-rest"></a>
26
26
27
-
Data in CodePipeline is encrypted at rest using AWS KMS customer master keys\(CMKs\)\. Code artifacts are stored in a customer\-owned S3 bucket and encrypted with either the AWS managed CMK or a customer managed CMK\. For more information, see [Configure server\-side encryption for artifacts stored in Amazon S3 for CodePipeline](S3-artifact-encryption.md)\.
27
+
Data in CodePipeline is encrypted at rest using AWS KMS keys\. Code artifacts are stored in a customer\-owned S3 bucket and encrypted with either the AWS managed key or a customer managed key\. For more information, see [Configure server\-side encryption for artifacts stored in Amazon S3 for CodePipeline](S3-artifact-encryption.md)\.
28
28
29
29
## Encryption in transit<aname="encryption-in-transit"></a>
30
30
31
31
All service\-to\-service communication is encrypted in transit using SSL/TLS\.
If you choose the default option for encrypting code artifacts, CodePipeline uses the AWS managed CMK\. You cannot change or delete this AWS managed CMK\. If you use a customer managed CMK in AWS KMS to encrypt or decrypt artifacts in the S3 bucket, you can change or rotate this customer managed CMK as necessary\.
35
+
If you choose the default option for encrypting code artifacts, CodePipeline uses the AWS managed key\. You cannot change or delete this AWS managed key\. If you use a customer managed key in AWS KMS to encrypt or decrypt artifacts in the S3 bucket, you can change or rotate this customer managed key as necessary\.
36
36
37
37
**Important**
38
-
CodePipeline only supports symmetric customer master keys\(CMKs\)\. Do not use an asymmetric CMK to encrypt the data in your S3 bucket\.
38
+
CodePipeline only supports symmetric KMS keys\. Do not use an asymmetric KMS key to encrypt the data in your S3 bucket\.
39
39
40
40
## Data protection configuration<aname="security-configuration"></a>
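Review bot: The "Important" note at new line 38 and the paragraph at new line 35 duplicate text that this same commit edits in S3-artifact-encryption.md; if the guide's build supports includes, a single source for the symmetric-key restriction would keep the copies from drifting. The rendered view here jumps from line 31 to line 35, so the lines in between could not be reviewed.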
doc_source/history.md
Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@
2
2
3
3
The following table describes the important changes in each release of the CodePipeline User Guide\. For notification about updates to this documentation, you can subscribe to an RSS feed\.
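Review bot: Only the context lines of this hunk are visible in the rendered view, so the new history entry itself could not be reviewed; since this commit renames CMK to KMS key across several topics, the entry should say so and link the affected pages (S3-artifact-encryption.md, actions-create-custom-action.md, data-protection.md).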
doc_source/integrations-community-blogposts.md
Lines changed: 0 additions & 5 deletions
@@ -85,11 +85,6 @@
85
85
86
86
Learn how to provision a basic continuous delivery pipeline in CodePipeline using AWS CloudFormation\.
87
87
88
-
*Published December 2015*
89
-
+[Building Continuous Deployment on AWS with CodePipeline, Jenkins, and Elastic Beanstalk](https://blogs.aws.amazon.com/application-management/post/Tx34AXRMYLXG5OT/Building-Continuous-Deployment-on-AWS-with-AWS-CodePipeline-Jenkins-and-AWS-Elas)
90
-
91
-
Learn how to use GitHub, CodePipeline, Jenkins, and Elastic Beanstalk to create a deployment pipeline for a web application that is updated automatically every time you change your code\.
92
-
93
88
*Published December 2015*
94
89
+[Performance Testing in Continuous Delivery Using CodePipeline and BlazeMeter](https://aws.amazon.com/blogs/apn/performance-testing-in-continuous-delivery-using-aws-codepipeline-and-blazemeter/)
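Review bot: The hunk removes the "Building Continuous Deployment on AWS with CodePipeline, Jenkins, and Elastic Beanstalk" entry (old lines 88-92) together with its own "Published December 2015" line, but nothing in the diff says why; if the blogs.aws.amazon.com link is dead, note that in the commit, or point the entry at the post's current location if one exists. The "Published December 2015" kept at new line 88 now sits directly under the CloudFormation post's description, which is the intended pairing.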