AWS Security ChangesHomeSearch

AWS datazone low security documentation change

Service: datazone · 2025-07-18 · Security-related low

File: datazone/latest/userguide/security-best-practices.md

Summary

Added section about using AWS RAM for cross-account access management

Security assessment

Documents security controls for cross-account resource sharing through AWS RAM, which helps prevent unauthorized access between accounts in DataZone environments.

Diff

diff --git a/datazone/latest/userguide/security-best-practices.md b/datazone/latest/userguide/security-best-practices.md
index 77de1443c..2ef58b02f 100644
--- a//datazone/latest/userguide/security-best-practices.md
+++ b//datazone/latest/userguide/security-best-practices.md
@@ -5 +5 @@
-Implement least privilege accessUse IAM rolesImplement Server-Side Encryption in Dependent ResourcesUse CloudTrail to Monitor API Calls
+Implement least privilege accessUse IAM rolesImplement Server-Side Encryption in Dependent ResourcesUse CloudTrail to Monitor API CallsUsing RAM in Amazon DataZone
@@ -14,0 +15,2 @@ When granting permissions, you decide who is getting what permissions to which A
+For more information, see [AWS managed policies for Amazon DataZone](./security-iam-awsmanpol.html) and [Service control policies (SCPs)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html). 
+
@@ -39,0 +42,4 @@ Using the information collected by CloudTrail, you can determine the request tha
+## Using RAM in Amazon DataZone
+
+Associating your AWS accounts with Amazon DataZone domains enables domain users to publish and consume data from these AWS accounts. Amazon DataZone uses AWS Resource Access Manager (RAM) to manage cross-account access. For more information, see [Associated accounts in Amazon DataZone](./working-with-associated-accounts.html) and [Security in AWS RAM](https://docs.aws.amazon.com/ram/latest/userguide/security.html).
+