AWS aurora-dsql high security documentation change
Summary
Added guidance to use 'verify-full' SSL mode in production and recommend PostgreSQL client version 17 updates
Security assessment
The change explicitly addresses SSL/TLS certificate validation ('verify-full' mode) and client updates for security improvements. These are direct security enhancements to prevent man-in-the-middle attacks and ensure secure connections.
Diff
diff --git a/aurora-dsql/latest/userguide/best-practices-security-preventative.md b/aurora-dsql/latest/userguide/best-practices-security-preventative.md index 17f8cb47b..9dbf53399 100644 --- a//aurora-dsql/latest/userguide/best-practices-security-preventative.md +++ b//aurora-dsql/latest/userguide/best-practices-security-preventative.md @@ -24,0 +25,10 @@ Similar to the [ root user best practices for your AWS account](https://docs.aws +**Use`verify-full` in production environments.** + + +This setting verifies that the server certificate is signed by a trusted certificate authority and that the server hostname matches the certificate. + +**Update your PostgreSQL client** + + +Regularly update your PostgreSQL client to the latest version to benefit from security improvements. We recommend using PostgreSQL version 17. +