AWS Security ChangesHomeSearch

AWS AWSCloudFormation high security documentation change

Service: AWSCloudFormation · 2025-06-13 · Security-related high

File: AWSCloudFormation/latest/TemplateReference/aws-properties-rds-dbproxytargetgroup-connectionpoolconfigurationinfoformat.md

Summary

Added security warning about initialization query exposure

Security assessment

The change explicitly warns about sensitive data exposure in initialization queries, addressing a potential security risk through documentation.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-rds-dbproxytargetgroup-connectionpoolconfigurationinfoformat.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-rds-dbproxytargetgroup-connectionpoolconfigurationinfoformat.md
index acd957662..8269d70be 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-properties-rds-dbproxytargetgroup-connectionpoolconfigurationinfoformat.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-rds-dbproxytargetgroup-connectionpoolconfigurationinfoformat.md
@@ -68,0 +69,4 @@ Default: no initialization query
+###### Important
+
+Since you can access initialization query as part of target group configuration, it is not protected by authentication or cryptographic methods. Anyone with access to view or manage your proxy target group configuration can view the initialization query. You should not add sensitive data, such as passwords or long-lived encryption keys, to this option.
+