AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2025-04-25 · Documentation low

File: AmazonRDS/latest/UserGuide/securing-mysql-connections.md

Summary

Restructured documentation to emphasize security controls like SSL/TLS encryption, IAM authentication, and security groups. Removed topic list and added consolidated security implementation guidance.

Security assessment

The changes enhance security documentation by consolidating information about encryption, access controls, and authentication methods. However, there is no evidence of addressing a specific security vulnerability or incident - this is a general improvement to security guidance.

Diff

diff --git a/AmazonRDS/latest/UserGuide/securing-mysql-connections.md b/AmazonRDS/latest/UserGuide/securing-mysql-connections.md
index f8046e04d..6eb05c43d 100644
--- a//AmazonRDS/latest/UserGuide/securing-mysql-connections.md
+++ b//AmazonRDS/latest/UserGuide/securing-mysql-connections.md
@@ -5,2 +4,0 @@
-MySQL security
-
@@ -9,16 +7 @@ MySQL security
-You can manage the security of your MySQL DB instances.
-
-###### Topics
-
-  * [Password validation for RDS for MySQL](./MySQL.Concepts.PasswordValidationPlugin.html)
-
-  * [Encrypting client connections with SSL/TLS to MySQL DB instances on Amazon RDS](./mysql-ssl-connections.html)
-
-  * [Updating applications to connect to MySQL DB instances using new SSL/TLS certificates](./ssl-certificate-rotation-mysql.html)
-
-  * [Using Kerberos authentication for Amazon RDS for MySQL](./mysql-kerberos.html)
-
-
-
-
-## MySQL security on Amazon RDS
+You can implement robust security measures to protect MySQL DB instances from unauthorized access and potential threats. Security groups, SSL/TLS encryption, and IAM database authentication work together to create multiple layers of connection security for your MySQL DB instances. These security controls help you meet compliance requirements, prevent data breaches, and maintain secure communication channels between applications and databases. You can secure your MySQL DB instances by encrypting data in transit, restricting access to specific IP ranges, and managing user authentication through IAM roles rather than database passwords.
@@ -32 +15 @@ Security for MySQL DB instances is managed at three levels:
-  * To authenticate login and permissions for a MySQL DB instance, you can take either of the following approaches, or a combination of them.
+  * To authenticate login and permissions for a MySQL DB instance, you can take either of the following approaches, or a combination of them: 
@@ -34 +17 @@ Security for MySQL DB instances is managed at three levels:
-You can take the same approach as with a stand-alone instance of MySQL. Commands such as `CREATE USER`, `RENAME USER`, `GRANT`, `REVOKE`, and `SET PASSWORD` work just as they do in on-premises databases, as does directly modifying database schema tables. However, directly modifying the database schema tables isn't a best practice, and starting from RDS for MySQL version 8.0.36, it isn't supported. For information, see [ Access control and account management](https://dev.mysql.com/doc/refman/8.0/en/access-control.html) in the MySQL documentation. 
+    * You can take the same approach as with a stand-alone instance of MySQL. Commands such as `CREATE USER`, `RENAME USER`, `GRANT`, `REVOKE`, and `SET PASSWORD` work just as they do in on-premises databases, as does directly modifying database schema tables. However, directly modifying the database schema tables isn't a best practice, and starting from RDS for MySQL version 8.0.36, it isn't supported. For information, see [ Access control and account management](https://dev.mysql.com/doc/refman/8.0/en/access-control.html) in the MySQL documentation. 
@@ -36 +19 @@ You can take the same approach as with a stand-alone instance of MySQL. Commands
-You can also use IAM database authentication. With IAM database authentication, you authenticate to your DB instance by using an IAM user or IAM role and an authentication token. An _authentication token_ is a unique value that is generated using the Signature Version 4 signing process. By using IAM database authentication, you can use the same credentials to control access to your AWS resources and your databases. For more information, see [IAM database authentication for MariaDB, MySQL, and PostgreSQL](./UsingWithRDS.IAMDBAuth.html). 
+    * You can also use IAM database authentication. With IAM database authentication, you authenticate to your DB instance by using an IAM user or IAM role and an authentication token. An _authentication token_ is a unique value that is generated using the Signature Version 4 signing process. By using IAM database authentication, you can use the same credentials to control access to your AWS resources and your databases. For more information, see [IAM database authentication for MariaDB, MySQL, and PostgreSQL](./UsingWithRDS.IAMDBAuth.html). 
@@ -38 +21 @@ You can also use IAM database authentication. With IAM database authentication,
-Another option is Kerberos authentication for RDS for MySQL. The DB instance works with AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) to enable Kerberos authentication. When users authenticate with a MySQL DB instance joined to the trusting domain, authentication requests are forwarded. Forwarded requests go to the domain directory that you create with AWS Directory Service. For more information, see [Using Kerberos authentication for Amazon RDS for MySQL](./mysql-kerberos.html).
+    * Another option is Kerberos authentication for RDS for MySQL. The DB instance works with AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) to enable Kerberos authentication. When users authenticate with a MySQL DB instance joined to the trusting domain, authentication requests are forwarded. Forwarded requests go to the domain directory that you create with AWS Directory Service. For more information, see [Using Kerberos authentication for Amazon RDS for MySQL](./mysql-kerberos.html).