AWS config high security documentation change
Summary
Expanded compliance criteria for RDS SQL Server encryption in transit to require both force_ssl=1 and ApplyStatus='in-sync'
Security assessment
The change strengthens encryption enforcement by adding a new compliance check for parameter synchronization status. This directly relates to ensuring secure encrypted connections.
Diff
diff --git a/config/latest/developerguide/rds-sqlserver-encrypted-in-transit.md b/config/latest/developerguide/rds-sqlserver-encrypted-in-transit.md index 01917c7cd..005a548c6 100644 --- a/config/latest/developerguide/rds-sqlserver-encrypted-in-transit.md +++ b/config/latest/developerguide/rds-sqlserver-encrypted-in-transit.md @@ -9 +9 @@ AWS CloudFormation template -Checks if connections to an RDS SQL Server database instances are configured to use encryption in transit. The rule will be NON_COMPLIANT if the associated database parameter group parameter force_ssl is not set to 1. +Checks if connections to Amazon RDS SQL server database instances are configured to use encryption in transit. The rule is NON_COMPLIANT if the DB parameter force_ssl for the parameter group is not set to 1 or the ApplyStatus parameter is not 'in-sync'.