AWS AmazonRDS documentation change
Summary
Expanded Secrets Manager ARN patterns in IAM policy to include Oracle-specific RDS Custom secrets
Security assessment
Adds documentation for required permissions to access Oracle-related secrets in Secrets Manager. While security-related, there is no evidence this addresses a specific security vulnerability.
Diff
diff --git a/AmazonRDS/latest/UserGuide/custom-setup-orcl.md b/AmazonRDS/latest/UserGuide/custom-setup-orcl.md index b0b99f779..ba7753408 100644 --- a//AmazonRDS/latest/UserGuide/custom-setup-orcl.md +++ b//AmazonRDS/latest/UserGuide/custom-setup-orcl.md @@ -421 +421,2 @@ Set this variable to the Amazon Resource Name (ARN) of the AWS KMS key that you - "arn:aws:secretsmanager:'$REGION':'$ACCOUNT_ID':secret:do-not-delete-rds-custom-*" + "arn:aws:secretsmanager:'$REGION':'$ACCOUNT_ID':secret:do-not-delete-rds-custom-*", + "arn:aws:secretsmanager:'$REGION':'$ACCOUNT_ID':secret:rds-custom!oracle-do-not-delete-*"