AWS Security ChangesHomeSearch

AWS redshift high security documentation change

Service: redshift · 2025-05-10 · Security-related high

File: redshift/latest/mgmt/behavior-changes.md

Summary

Added upcoming changes for audit logging requiring service-principal instead of IAM user

Security assessment

Addresses critical security logging configuration change. Failure to update S3 bucket policies could disrupt audit trails, impacting security monitoring.

Diff

diff --git a/redshift/latest/mgmt/behavior-changes.md b/redshift/latest/mgmt/behavior-changes.md
index 5779964e7..8ebd14995 100644
--- a//redshift/latest/mgmt/behavior-changes.md
+++ b//redshift/latest/mgmt/behavior-changes.md
@@ -14,0 +15,13 @@ The following describes upcoming behavior changes.
+###### Topics
+
+  * Minimum Transport Layer Security (TLS) version changes effective after October 31, 2025
+
+  * Database audit logging changes effective after August 10, 2025
+
+  * Query monitoring changes effective after May 2, 2025
+
+  * Security changes effective after January 10, 2025
+
+
+
+
@@ -43,0 +57,8 @@ We recommend using the latest version of the Amazon Redshift driver [3] if possi
+### Database audit logging changes effective after August 10, 2025
+
+Beginning August 10, 2025, Amazon Redshift is making a change to Database Audit Logging, which requires your action. Amazon Redshift logs information about connections and user activities in your database to Amazon S3 buckets and CloudWatch. After August 10, 2025, Amazon Redshift will discontinue database audit logging to your Amazon S3 buckets which have a bucket policy specifying a Redshift IAM USER. We recommend updating your policies to use the Redshift SERVICE-PRINCIPAL instead, within S3 bucket policies for audit logging. For information about audit logging, see [Bucket permissions for Amazon Redshift audit logging](./db-auditing.html#db-auditing-bucket-permissions). 
+
+To avoid any logging interruption, review and update your S3 bucket policies to grant access to the Redshift service-principal in the associated region prior to August 10, 2025. For information about database audit logging, see [Log files in Amazon S3](./db-auditing.html#db-auditing-manage-log-files)
+
+For questions or concerns, contact AWS support at the following link: [AWS Support](https://aws.amazon.com/support).
+