AWS aurora-dsql documentation change
Summary
Added 'WITH LOGIN' requirement for database roles and updated IAM role association wording
Security assessment
The addition of 'WITH LOGIN' clarifies proper role creation to ensure database roles can authenticate. This improves security documentation but does not address a specific disclosed vulnerability.
Diff
diff --git a/aurora-dsql/latest/userguide/using-database-and-iam-roles.md b/aurora-dsql/latest/userguide/using-database-and-iam-roles.md index 7d9c175d7..57c279e17 100644 --- a//aurora-dsql/latest/userguide/using-database-and-iam-roles.md +++ b//aurora-dsql/latest/userguide/using-database-and-iam-roles.md @@ -7,2 +6,0 @@ Authorizing database roles to connect to your clusterAuthorizing database roles -Amazon Aurora DSQL is provided as a Preview service. To learn more, see [Betas and Previews ](https://aws.amazon.com/service-terms/) in the AWS Service Terms. - @@ -27 +25 @@ Use the `admin` database role with an IAM identity that is authorized for IAM ac - 2. Create a new database role. + 2. Create a new database role, making sure to specify the `WITH LOGIN` option. @@ -31 +29 @@ Use the `admin` database role with an IAM identity that is authorized for IAM ac - 3. Associate the database role with the AWS IAM role ARN. + 3. Associate the database role with the IAM role ARN. @@ -45 +43 @@ The following examples use the `GRANT` command to provide authorization within t -For more information, see [PostgreSQL GRANT](https://www.postgresql.org/docs/current/sql-grant.html) and [PostgreSQL Privileges](https://www.postgresql.org/docs/current/ddl-priv.html) in the PostgreSQL documentation. +For more information, see [PostgreSQL `GRANT`](https://www.postgresql.org/docs/current/sql-grant.html) and [PostgreSQL Privileges](https://www.postgresql.org/docs/current/ddl-priv.html) in the PostgreSQL documentation.