AWS AmazonRDS medium security documentation change
Summary
Added note that MSDB database permissions are not replicated to secondary instances in SQL Server Multi-AZ deployments.
Security assessment
The documentation addresses a security gap where permissions on the secondary instance might be weaker than the primary, requiring manual intervention. Failure to address this could lead to privilege escalation or unauthorized access on the secondary instance.
Diff
diff --git a/AmazonRDS/latest/UserGuide/USER_SQLServerMultiAZ.Recommendations.md b/AmazonRDS/latest/UserGuide/USER_SQLServerMultiAZ.Recommendations.md index e8dd78256..cf1b04bb7 100644 --- a//AmazonRDS/latest/UserGuide/USER_SQLServerMultiAZ.Recommendations.md +++ b//AmazonRDS/latest/UserGuide/USER_SQLServerMultiAZ.Recommendations.md @@ -28,0 +29,2 @@ If you need a higher limit, request an increase by contacting Support. Open the + * RDS for SQL Server doesn't replicate MSDB database permissions to the secondary instance. If you need these permissions on the secondary instance, you must recreate them manually. +