AWS Security ChangesHomeSearch

AWS AmazonRDS medium security documentation change

Service: AmazonRDS · 2025-04-11 · Security-related medium

File: AmazonRDS/latest/AuroraUserGuide/data-api.md

Summary

Added cross-account access clarification for Data API resourceArn parameter.

Security assessment

Explicitly states security controls for cross-account access, addressing potential misconfiguration risks by requiring same-account usage or role assumption.

Diff

diff --git a/AmazonRDS/latest/AuroraUserGuide/data-api.md b/AmazonRDS/latest/AuroraUserGuide/data-api.md
index a8008a73c..15d857525 100644
--- a//AmazonRDS/latest/AuroraUserGuide/data-api.md
+++ b//AmazonRDS/latest/AuroraUserGuide/data-api.md
@@ -472 +472 @@ Data API operation parameter |  AWS CLI command option |  Required |  Descriptio
-`resourceArn` |  `--resource-arn` |  Yes |  The Amazon Resource Name (ARN) of the Aurora DB cluster.  
+`resourceArn` |  `--resource-arn` |  Yes |  The Amazon Resource Name (ARN) of the Aurora DB cluster. The cluster must be in the same AWS account as the IAM role or user that invokes the Data API. To access a cluster in a different account, assume a role in that account.