AWS Security ChangesHomeSearch

AWS aurora-dsql high security documentation change

Service: aurora-dsql · 2025-06-10 · Security-related high

File: aurora-dsql/latest/userguide/best-practices-security-preventative.md

Summary

Added guidance to use 'verify-full' SSL mode in production and recommend PostgreSQL client version 17 updates

Security assessment

The change explicitly addresses SSL/TLS certificate validation ('verify-full' mode) and client updates for security improvements. These are direct security enhancements to prevent man-in-the-middle attacks and ensure secure connections.

Diff

diff --git a/aurora-dsql/latest/userguide/best-practices-security-preventative.md b/aurora-dsql/latest/userguide/best-practices-security-preventative.md
index 17f8cb47b..9dbf53399 100644
--- a//aurora-dsql/latest/userguide/best-practices-security-preventative.md
+++ b//aurora-dsql/latest/userguide/best-practices-security-preventative.md
@@ -24,0 +25,10 @@ Similar to the [ root user best practices for your AWS account](https://docs.aws
+**Use`verify-full` in production environments.**
+    
+
+This setting verifies that the server certificate is signed by a trusted certificate authority and that the server hostname matches the certificate. 
+
+**Update your PostgreSQL client**
+    
+
+Regularly update your PostgreSQL client to the latest version to benefit from security improvements. We recommend using PostgreSQL version 17. 
+