AWS Security ChangesHomeSearch

AWS aurora-dsql documentation change

Service: aurora-dsql · 2025-03-10 · Documentation low

File: aurora-dsql/latest/userguide/working-with-service-linked-roles.md

Summary

Added IAM permissions note and policy example for service-linked role creation

Security assessment

Documents required permissions for service-linked roles but doesn't address specific vulnerabilities

Diff

diff --git a/aurora-dsql/latest/userguide/working-with-service-linked-roles.md
index 35a6dd41b..1bba727bf 100644
--- a/aurora-dsql/latest/userguide/working-with-service-linked-roles.md
+++ b/aurora-dsql/latest/userguide/working-with-service-linked-roles.md
@@ -22,0 +23,19 @@ Aurora DSQL uses the service-linked role named `AWSServiceRoleForAuroraDsql` –
+###### Note
+
+You must configure permissions to allow an IAM entity (such as a user, group, or role) to create, edit, or delete a service-linked role. You might encounter the following error message: `You don't have the permissions to create an Amazon Aurora DSQL service-linked role`. If you see this message, make sure that you have the following permissions enabled:
+    
+    
+    {
+    "Sid" : "CreateDsqlServiceLinkedRole",
+        "Effect" : "Allow",
+        "Action" : "iam:CreateServiceLinkedRole",
+        "Resource" : "*",
+        "Condition" : {
+          "StringEquals" : {
+            "iam:AWSServiceName" : "dsql.amazonaws.com"
+          }
+        }
+      }
+
+For more information, see [Service-linked role permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create-service-linked-role.html#service-linked-role-permissions.html).
+