AWS Security ChangesHomeSearch

AWS aurora-dsql documentation change

Service: aurora-dsql · 2025-05-28 · Documentation low

File: aurora-dsql/latest/userguide/best-practices-security-preventative.md

Summary

Updated security best practices documentation with improved phrasing, removed preview notice, corrected formatting, and updated links

Security assessment

Changes emphasize security best practices like using IAM roles instead of stored credentials and implementing least privilege, but do not address specific vulnerabilities. The updates improve clarity of existing security recommendations without indicating response to new security issues.

Diff

diff --git a/aurora-dsql/latest/userguide/best-practices-security-preventative.md b/aurora-dsql/latest/userguide/best-practices-security-preventative.md
index 255371fb8..17f8cb47b 100644
--- a//aurora-dsql/latest/userguide/best-practices-security-preventative.md
+++ b//aurora-dsql/latest/userguide/best-practices-security-preventative.md
@@ -5,2 +4,0 @@
-Amazon Aurora DSQL is provided as a Preview service. To learn more, see [Betas and Previews ](https://aws.amazon.com/service-terms/) in the AWS Service Terms. 
-
@@ -11 +9 @@ In addition to the following ways to securely use Aurora DSQL, see [Security](ht
-**Use IAM roles to authenticate access to Aurora DSQL**
+**Use IAM roles to authenticate access to Aurora DSQL.**
@@ -14 +12 @@ In addition to the following ways to securely use Aurora DSQL, see [Security](ht
-For users, applications, and other AWS services to access Aurora DSQL, they must include valid AWS credentials in their AWS API requests. You should not store AWS credentials directly in the application or EC2 instance. These are long-term credentials that are not automatically rotated, and therefore could have significant business impact if they are compromised. An IAM role lets you obtain temporary access keys that can be used to access AWS services and resources.
+Users, applications, and other AWS services that access Aurora DSQL must include valid AWS credentials in AWS API and AWS CLI requests. You shouldn't store AWS credentials directly in the application or EC2 instances. These are long-term credentials that aren't automatically rotated. There is significant business impact if these credentials are compromised. An IAM role lets you obtain temporary access keys that you can use to access AWS services and resources.
@@ -18 +16 @@ For more information, see [Authentication and authorization for Aurora DSQL](./a
-**Use IAM policies for Aurora DSQL base authorization**
+**Use IAM policies for Aurora DSQL base authorization.**
@@ -21 +19 @@ For more information, see [Authentication and authorization for Aurora DSQL](./a
-When granting permissions, you decide who is getting them, which Aurora DSQL API operations they are getting permissions for, and the specific actions you want to allow on those resources. Implementing least privilege is key in reducing security risk and the impact that can result from errors or malicious intent.
+When you grant permissions, you decide who is getting them, which Aurora DSQL API operations they are getting permissions for, and the specific actions you want to allow on those resources. Implementing least privilege is key in reducing security risk and the impact that can result from errors or malicious intent.
@@ -23 +21 @@ When granting permissions, you decide who is getting them, which Aurora DSQL API
-Attach permissions policies to IAM roles and thereby grant permissions to perform operations on Aurora DSQL resources. Also available are [permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html), which let you set the maximum permissions that an identity-based policy can grant to an IAM entity.
+Attach permissions policies to IAM roles and grant permissions to perform operations on Aurora DSQL resources. Also available are [permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html), which let you set the maximum permissions that an identity-based policy can grant to an IAM entity.
@@ -25 +23 @@ Attach permissions policies to IAM roles and thereby grant permissions to perfor
-Similar to the [ root user best practices for your AWS account](https://docs.aws.amazon.com/IAM/latest/UserGuide/root-user-best-practices.html), don't use the admin role in Aurora DSQL to perform everyday operations. Instead, we recommend that you create custom database roles to manage and connect to your cluster. For more information, see [Accessing Aurora DSQL](./getting-started.html#accessing) and [Authentication and authorization for Aurora DSQL](./authentication-authorization.html).
+Similar to the [ root user best practices for your AWS account](https://docs.aws.amazon.com/IAM/latest/UserGuide/root-user-best-practices.html), don't use the `admin` role in Aurora DSQL to perform everyday operations. Instead, we recommend that you create custom database roles to manage and connect to your cluster. For more information, see [ Accessing Aurora DSQL](https://docs.aws.amazon.com/aurora-dsql/latest/userguide/accessing.html) and [Understanding authentication and authorization for Aurora DSQL](https://docs.aws.amazon.com/aurora-dsql/latest/userguide/accessing.html).
@@ -35 +33 @@ Detective security best practices
-Programming with Amazon Aurora DSQL
+Tagging resources