AWS aurora-dsql documentation change
Summary
Updated documentation structure and terminology regarding connections/sessions, simplified authentication library references, and clarified session lifetime/transaction limits
Security assessment
Changes focus on terminology clarification (e.g., 'Connections and sessions' instead of 'How connections work') and editorial improvements. While security mechanisms like IAM re-authentication are mentioned, these were already documented. The change from 'can't' to 'aren't' in revoked credentials context is grammatical rather than security-substantive. No new security features or vulnerability mitigations are introduced.
Diff
diff --git a/aurora-dsql/latest/userguide/working-with-connections.md b/aurora-dsql/latest/userguide/working-with-connections.md index c74c30dcc..4e07a4b41 100644 --- a//aurora-dsql/latest/userguide/working-with-connections.md +++ b//aurora-dsql/latest/userguide/working-with-connections.md @@ -5 +5 @@ -How connections workConnection limits +Connections and sessionsConnection limits @@ -9 +9 @@ Amazon Aurora DSQL is provided as a Preview service. To learn more, see [Betas a -# Aurora DSQL connections +# Connections in Aurora DSQL @@ -13 +13 @@ A _connection_ in Aurora DSQL is a single, active, TLS-encrypted TCP session bet -## How connections work +## Connections and sessions @@ -21 +21 @@ To connect to Aurora DSQL, use a standard PostgreSQL-compatible driver configure - * An authentication token generated using Aurora DSQL-provided libraries supported by AWS + * An authentication token generated using libraries provided by Aurora DSQL @@ -26 +26 @@ To connect to Aurora DSQL, use a standard PostgreSQL-compatible driver configure -After you establish a connection, it maps to exactly one session. A session can't exist without a connection. Aurora DSQL authenticates each session with a state, such as prepared statements or an active query. Aurora DSQL re-authenticates users at the start of every transaction against its IAM trust tables. This mechanism ensures that revoked credentials can't be reused in ongoing sessions. +A connection maps to exactly one session. A session can't exist without a connection. @@ -28 +28,3 @@ After you establish a connection, it maps to exactly one session. A session can' -Each session lasts up to 1 hour. Individual transactions within the session are limited to 5 minutes. If a transaction begins at the end of the session lifetime (that is, at the 60th minute), Aurora DSQL allows the transaction to run for the full 5-minute transaction window before closing the session. If Aurora DSQL can't establish a session—for example, due to authentication failure or internal resource exhaustion—the connection attempt is rejected. +Aurora DSQL authenticates each session with a state, such as prepared statements or an active query. Aurora DSQL re-authenticates users at the start of every transaction against its IAM trust tables. This mechanism ensures that revoked credentials aren't reused in ongoing sessions. + +Each session lasts up to 1 hour. Individual transactions within a session are limited to 5 minutes. If a transaction begins at the end of the session lifetime (that is, at the 60th minute), Aurora DSQL allows the transaction to run for 5 minutes before closing the session. If Aurora DSQL can't establish a session—for example, because authentication fails or internal resources are exhausted—the connection attempt is rejected.