AWS Security ChangesHomeSearch

AWS AmazonRDS medium security documentation change

Service: AmazonRDS · 2025-05-31 · Security-related medium

File: AmazonRDS/latest/UserGuide/rds-proxy-creating.md

Summary

Added security warning about initialization query exposure and PostgreSQL database retention requirement

Security assessment

Explicitly warns against storing sensitive data in initialization queries due to lack of authentication/cryptographic protection. Addresses potential data exposure risk by advising against insecure practices.

Diff

diff --git a/AmazonRDS/latest/UserGuide/rds-proxy-creating.md b/AmazonRDS/latest/UserGuide/rds-proxy-creating.md
index c953aec0d..1bab11c3e 100644
--- a//AmazonRDS/latest/UserGuide/rds-proxy-creating.md
+++ b//AmazonRDS/latest/UserGuide/rds-proxy-creating.md
@@ -21,0 +22,4 @@ Setting | Description
+
+###### Note
+
+To use RDS for PostgreSQL, make sure to retain the `postgres` database in your instance. See [Troubleshooting deleted postgres database](./rds-proxy.troubleshooting.html#rds-proxy-PostgreSQL-troubleshooting.postgresDBDelete).  
@@ -35,0 +40,4 @@ For multiple statements, use semicolons as the separator.
+
+###### Important
+
+Since you can access initialization query as part of target group configuration, it is not protected by authentication or cryptographic methods. Anyone with access to view or manage your proxy target group configuration can view the initialization query. You should not add sensitive data, such as passwords or long-lived encryption keys, to this option.