AWS AmazonRDS medium security documentation change
Summary
Added cross-account access clarification for Data API resourceArn parameter.
Security assessment
Explicitly states security controls for cross-account access, addressing potential misconfiguration risks by requiring same-account usage or role assumption.
Diff
diff --git a/AmazonRDS/latest/AuroraUserGuide/data-api.md b/AmazonRDS/latest/AuroraUserGuide/data-api.md index a8008a73c..15d857525 100644 --- a//AmazonRDS/latest/AuroraUserGuide/data-api.md +++ b//AmazonRDS/latest/AuroraUserGuide/data-api.md @@ -472 +472 @@ Data API operation parameter | AWS CLI command option | Required | Descriptio -`resourceArn` | `--resource-arn` | Yes | The Amazon Resource Name (ARN) of the Aurora DB cluster. +`resourceArn` | `--resource-arn` | Yes | The Amazon Resource Name (ARN) of the Aurora DB cluster. The cluster must be in the same AWS account as the IAM role or user that invokes the Data API. To access a cluster in a different account, assume a role in that account.