AWS Security ChangesHomeSearch

AWS AmazonRDS medium security documentation change

Service: AmazonRDS · 2025-06-10 · Security-related medium

File: AmazonRDS/latest/UserGuide/USER_SQLServerMultiAZ.Recommendations.md

Summary

Added note that MSDB database permissions are not replicated to secondary instances in SQL Server Multi-AZ deployments.

Security assessment

The documentation addresses a security gap where permissions on the secondary instance might be weaker than the primary, requiring manual intervention. Failure to address this could lead to privilege escalation or unauthorized access on the secondary instance.

Diff

diff --git a/AmazonRDS/latest/UserGuide/USER_SQLServerMultiAZ.Recommendations.md b/AmazonRDS/latest/UserGuide/USER_SQLServerMultiAZ.Recommendations.md
index e8dd78256..cf1b04bb7 100644
--- a//AmazonRDS/latest/UserGuide/USER_SQLServerMultiAZ.Recommendations.md
+++ b//AmazonRDS/latest/UserGuide/USER_SQLServerMultiAZ.Recommendations.md
@@ -28,0 +29,2 @@ If you need a higher limit, request an increase by contacting Support. Open the
+  * RDS for SQL Server doesn't replicate MSDB database permissions to the secondary instance. If you need these permissions on the secondary instance, you must recreate them manually.
+