AWS Security ChangesHomeSearch

AWS AmazonRDS medium security documentation change

Service: AmazonRDS · 2025-07-04 · Security-related medium

File: AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.md

Summary

Added documentation for BCP utility usage from Linux and clarified encryption handling for S3 backups (SSE-KMS not supported, client-side encryption with KMS)

Security assessment

Explicitly documents encryption implementation details - reveals that SSE-KMS isn't supported and client-side encryption is used. This clarifies security controls for backup storage, impacting data-at-rest protection strategies

Diff

diff --git a/AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.md b/AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.md
index 87b8dc1de..a24c72609 100644
--- a//AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.md
+++ b//AmazonRDS/latest/UserGuide/SQLServer.Procedural.Importing.md
@@ -111,0 +112,24 @@ Using native .bak files to back up and restore databases is usually the fastest
+  * [Using BCP utility from Linux to import and export data](./SQLServer.Procedural.Importing.BCP.Linux.html)
+
+    * [Prerequisites](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.Prerequisites)
+
+    * [Installing SQL Server command-line tools on Linux](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.Installing)
+
+    * [Exporting data from RDS for SQL Server](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.Exporting)
+
+      * [Basic export syntax](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.Exporting.Basic)
+
+      * [Export example](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.Exporting.Example)
+
+    * [Importing data to RDS for SQL Server](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.Importing)
+
+      * [Basic import syntax](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.Importing.Basic)
+
+      * [Import example](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.Importing.Example)
+
+    * [Common BCP options](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.Options)
+
+    * [Best practices and considerations](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.BestPractices)
+
+    * [Troubleshooting common issues](./SQLServer.Procedural.Importing.BCP.Linux.html#SQLServer.Procedural.Importing.BCP.Linux.Troubleshooting)
+
@@ -154,0 +179,2 @@ The following are some limitations to using native backup and restore:
+  * Amazon S3 server-side encryption with AWS KMS (SSE-KMS) is currently not supported. When you provide a KMS key to a stored procedure, any native backup and restores are encrypted and decrypted on the client-side with the KMS key. AWS stores the backups in the S3 bucket with SSE-S3.
+