AWS Security ChangesHomeSearch

AWS amazondynamodb medium security documentation change

Service: amazondynamodb · 2025-07-04 · Security-related medium

File: amazondynamodb/latest/developerguide/globaltables-security.md

Summary

Removed direct URL reference to IAM policy and kept policy name only

Security assessment

The change clarifies documentation about required permissions for replication service roles. Misconfiguration could lead to replication failures (REPLICATION_NOT_AUTHORIZED status), which impacts data consistency across regions - a security-adjacent availability concern. However, no specific vulnerability is addressed.

Diff

diff --git a/amazondynamodb/latest/developerguide/globaltables-security.md b/amazondynamodb/latest/developerguide/globaltables-security.md
index 079e83f58..0471a8090 100644
--- a//amazondynamodb/latest/developerguide/globaltables-security.md
+++ b//amazondynamodb/latest/developerguide/globaltables-security.md
@@ -17 +17 @@ When you create a global table for the first time, Amazon DynamoDB automatically
-When applying resource-based policies to replicas, ensure that you don't deny any of the permissions defined in the [`AWSServiceRoleForDynamoDBReplication`](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy) policy to the SLR principal, as this will interrupt replication. If you deny required SLR permissions, replication to and from affected replicas will stop, and the replica table status will change to `REPLICATION_NOT_AUTHORIZED`.
+When applying resource-based policies to replicas, ensure that you don't deny any of the permissions defined in the `AWSServiceRoleForDynamoDBReplication` policy to the SLR principal, as this will interrupt replication. If you deny required SLR permissions, replication to and from affected replicas will stop, and the replica table status will change to `REPLICATION_NOT_AUTHORIZED`.