AWS Security ChangesHomeSearch

AWS AmazonRDS medium security documentation change

Service: AmazonRDS · 2025-04-20 · Security-related medium

File: AmazonRDS/latest/UserGuide/Appendix.SQLServer.CommonDBATasks.CreateUser.md

Summary

Added a security best practice warning against cloning master user permissions in applications.

Security assessment

The change explicitly warns about a security anti-pattern (overprivileged accounts) and links to guidance for secure permission management, addressing a common security weakness.

Diff

diff --git a/AmazonRDS/latest/UserGuide/Appendix.SQLServer.CommonDBATasks.CreateUser.md b/AmazonRDS/latest/UserGuide/Appendix.SQLServer.CommonDBATasks.CreateUser.md
index 3feff3aff..014f7f5a4 100644
--- a//AmazonRDS/latest/UserGuide/Appendix.SQLServer.CommonDBATasks.CreateUser.md
+++ b//AmazonRDS/latest/UserGuide/Appendix.SQLServer.CommonDBATasks.CreateUser.md
@@ -28,0 +29,2 @@ If you get permission errors when adding a user, you can restore privileges by m
+It is not a best practice to clone master user permissions in your applications. For more information, see [How to clone master user permissions in Amazon RDS for SQL Server](https://aws.amazon.com/blogs/database/how-to-clone-master-user-permissions-in-amazon-rds-for-sql-server/).
+