AWS AmazonRDS documentation change
Summary
Updated SSH key naming conventions for RDS Custom Oracle instances to include additional prefix pattern
Security assessment
The change adds an additional SSH key naming pattern but does not address a specific security vulnerability or weakness. It expands documentation for Oracle-specific implementations without evidence of resolving a security issue.
Diff
diff --git a/AmazonRDS/latest/UserGuide/custom-security.md b/AmazonRDS/latest/UserGuide/custom-security.md index 2fb30c986..39b450942 100644 --- a//AmazonRDS/latest/UserGuide/custom-security.md +++ b//AmazonRDS/latest/UserGuide/custom-security.md @@ -44 +44 @@ An EC2 instance profile is a container for an IAM role that you can use to pass -When RDS Custom creates the EC2 instance that underlies a DB instance, it creates an SSH key pair on your behalf. The key uses the naming prefix `do-not-delete-rds-custom-ssh-privatekey-db-`. AWS Secrets Manager stores this SSH private key as a secret in your AWS account. Amazon RDS doesn't store, access, or use these credentials. For more information, see [Amazon EC2 key pairs and Linux instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html). +When RDS Custom creates the EC2 instance that underlies a DB instance, it creates an SSH key pair on your behalf. The key uses the naming prefix `do-not-delete-rds-custom-ssh-privatekey-db-` or `rds-custom!oracle-do-not-delete-`db_resource_id-uuid`-ssh-privatekey`. AWS Secrets Manager stores this SSH private key as a secret in your AWS account. Amazon RDS doesn't store, access, or use these credentials. For more information, see [Amazon EC2 key pairs and Linux instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html).