AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2025-06-25 · Security-related high

File: AmazonRDS/latest/UserGuide/USER_CopySnapshot.md

Summary

Added important note about KMS deny statements affecting snapshot copy operations

Security assessment

Addresses potential failure scenarios in snapshot operations due to overly restrictive KMS policies, which could impact disaster recovery capabilities.

Diff

diff --git a/AmazonRDS/latest/UserGuide/USER_CopySnapshot.md b/AmazonRDS/latest/UserGuide/USER_CopySnapshot.md
index e06350cb1..088755e42 100644
--- a//AmazonRDS/latest/UserGuide/USER_CopySnapshot.md
+++ b//AmazonRDS/latest/UserGuide/USER_CopySnapshot.md
@@ -399,0 +400,4 @@ You can also encrypt a copy of an unencrypted snapshot. This way, you can quickl
+###### Important
+
+When you use explicit deny statements for all resources (*) in AWS KMS key policies with managed services like Amazon RDS, you must specify a condition to allow the resource owning account. The copy operation might fail without this condition, even if the deny rule includes exceptions for your IAM user.
+