AWS Security ChangesHomeSearch

AWS config high security documentation change

Service: config · 2025-03-30 · Security-related high

File: config/latest/developerguide/rds-sqlserver-encrypted-in-transit.md

Summary

Expanded compliance criteria for RDS SQL Server encryption in transit to require both force_ssl=1 and ApplyStatus='in-sync'

Security assessment

The change strengthens encryption enforcement by adding a new compliance check for parameter synchronization status. This directly relates to ensuring secure encrypted connections.

Diff

diff --git a/config/latest/developerguide/rds-sqlserver-encrypted-in-transit.md b/config/latest/developerguide/rds-sqlserver-encrypted-in-transit.md
index 01917c7cd..005a548c6 100644
--- a/config/latest/developerguide/rds-sqlserver-encrypted-in-transit.md
+++ b/config/latest/developerguide/rds-sqlserver-encrypted-in-transit.md
@@ -9 +9 @@ AWS CloudFormation template
-Checks if connections to an RDS SQL Server database instances are configured to use encryption in transit. The rule will be NON_COMPLIANT if the associated database parameter group parameter force_ssl is not set to 1. 
+Checks if connections to Amazon RDS SQL server database instances are configured to use encryption in transit. The rule is NON_COMPLIANT if the DB parameter force_ssl for the parameter group is not set to 1 or the ApplyStatus parameter is not 'in-sync'.