AWS aurora-dsql documentation change
Summary
Updated documentation headers, grammar, and example values; clarified connection steps and PostgreSQL references; standardized IAM role ARN format.
Security assessment
Changes involve grammatical improvements, structural clarifications, and placeholder updates (e.g., account ID 111122223333 to 012345678912). No explicit security vulnerability, incident, or new security feature is mentioned. Updates to IAM role usage and authentication token references refine existing security practices but do not introduce new security documentation or address specific vulnerabilities.
Diff
diff --git a/aurora-dsql/latest/userguide/using-database-and-iam-roles.md b/aurora-dsql/latest/userguide/using-database-and-iam-roles.md index 30db7e26b..465946392 100644 --- a//aurora-dsql/latest/userguide/using-database-and-iam-roles.md +++ b//aurora-dsql/latest/userguide/using-database-and-iam-roles.md @@ -5 +5 @@ -Authorize database roles to connect to a clusterAuthorize database roles to use SQL in a databaseRevoke database authorization from an IAM role +Authorizing database roles to connect to your clusterAuthorizing database roles to use SQL in your databaseRevoking database authorization from an IAM role @@ -11 +11 @@ Amazon Aurora DSQL is provided as a Preview service. To learn more, see [Betas a -The following sections describe how to use database roles from PostgreSQL with IAM roles in Aurora DSQL. +In the following sections, learn how to use database roles from PostgreSQL with IAM roles in Aurora DSQL. @@ -13 +13 @@ The following sections describe how to use database roles from PostgreSQL with I -## Authorize database roles to connect to a cluster +## Authorizing database roles to connect to your cluster @@ -15 +15 @@ The following sections describe how to use database roles from PostgreSQL with I -Create an IAM role and grant connection authorization with the IAM policy action: `dsql:DbConnect` +Create an IAM role and grant connection authorization with the IAM policy action: `dsql:DbConnect`. @@ -17 +17 @@ Create an IAM role and grant connection authorization with the IAM policy action -The IAM policy must also grant permission to access the cluster resource(s). Use a wildcard `*` or [How to restrict access to cluster ARNs](https://docs.aws.amazon.com/aurora-dsql/latest/userguide/using-iam-condition-keys.html#using-iam-condition-keys-create-cluster). +The IAM policy must also grant permission to access the cluster resources. Use a wildcard (`*`) or follow the instructions in [How to restrict access to cluster ARNs](https://docs.aws.amazon.com/aurora-dsql/latest/userguide/using-iam-condition-keys.html#using-iam-condition-keys-create-cluster). @@ -19 +19 @@ The IAM policy must also grant permission to access the cluster resource(s). Use -## Authorize database roles to use SQL in a database +## Authorizing database roles to use SQL in your database @@ -21 +21 @@ The IAM policy must also grant permission to access the cluster resource(s). Use -You must use an IAM role with authorization to connect to the cluster. +You must use an IAM role with authorization to connect to your cluster. @@ -23 +23 @@ You must use an IAM role with authorization to connect to the cluster. - 1. Connect as a admin + 1. Connect to your Aurora DSQL cluster using a SQL utility. @@ -27 +27 @@ Use the `admin` database role with an IAM identity that is authorized for IAM ac - 2. Create a new database role + 2. Create a new database role. @@ -31 +31 @@ Use the `admin` database role with an IAM identity that is authorized for IAM ac - 3. Associate the database role with the AWS IAM role ARN + 3. Associate the database role with the AWS IAM role ARN. @@ -33 +33 @@ Use the `admin` database role with an IAM identity that is authorized for IAM ac - AWS IAM GRANT example TO 'arn:aws:iam::111122223333:role/example'; + AWS IAM GRANT example TO 'arn:aws:iam::012345678912:role/example'; @@ -37 +37 @@ Use the `admin` database role with an IAM identity that is authorized for IAM ac -Use `GRANT` to provide authorization within the database. +The following examples use the `GRANT` command to provide authorization within the database. @@ -46 +45 @@ Use `GRANT` to provide authorization within the database. -For more information, see [PostgreSQL GRANT](https://www.postgresql.org/docs/current/sql-grant.html) and [PostgreSQL Privileges](https://www.postgresql.org/docs/current/ddl-priv.html). +For more information, see [PostgreSQL GRANT](https://www.postgresql.org/docs/current/sql-grant.html) and [PostgreSQL Privileges](https://www.postgresql.org/docs/current/ddl-priv.html) in the PostgreSQL documentation. @@ -48 +47 @@ For more information, see [PostgreSQL GRANT](https://www.postgresql.org/docs/cur -## Revoke database authorization from an IAM role +## Revoking database authorization from an IAM role @@ -53 +52 @@ To revoke database authorization, use the `AWS IAM REVOKE` operation. - AWS IAM REVOKE example FROM 'arn:aws:iam::111122223333:role/example'; + AWS IAM REVOKE example FROM 'arn:aws:iam::012345678912:role/example'; @@ -63 +62 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Golang +Generate an authentication token @@ -65 +64 @@ Golang -Accessing Aurora DSQL +How Amazon Aurora DSQL works with PostgreSQL