AWS Security ChangesHomeSearch

AWS AmazonRDS medium security documentation change

Service: AmazonRDS · 2025-08-10 · Security-related medium

File: AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.access-control.cmk-policy.md

Summary

Updated KMS key policy example with corrected JSON syntax, removed instructional comments, and specified 'us-east-1' region in kms:ViaService condition

Security assessment

The change enforces stricter regional specificity in KMS policies (via 'rds.us-east-1.amazonaws.com') and removes ambiguous placeholder text, improving security posture by demonstrating proper service-linked resource policies. This directly impacts access control for encrypted Performance Insights data.

Diff

diff --git a/AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.access-control.cmk-policy.md b/AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.access-control.cmk-policy.md
index 33ee83a6e..57b20f7a7 100644
--- a//AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.access-control.cmk-policy.md
+++ b//AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.access-control.cmk-policy.md
@@ -23,0 +24,6 @@ The following example shows how to add statements to your KMS key policy. These
+JSON
+    
+
+****
+    
+    
@@ -28,6 +34 @@ The following example shows how to add statements to your KMS key policy. These
-     "Statement" : [ {
-        //This represents a statement that currently exists in your policy.
-     }
-     ....,
-     //Starting here, add new statement to your policy for Performance Insights.
-     //We recommend that you add one new statement for every RDS instance
+        "Statement" : [ 
@@ -35 +36 @@ The following example shows how to add statements to your KMS key policy. These
-        "Sid" : "Allow viewing RDS Performance Insights",
+                "Sid" : "AllowViewingRDSPerformanceInsights",
@@ -39 +39,0 @@ The following example shows how to add statements to your KMS key policy. These
-                //One or more principals allowed to access Performance Insights
@@ -50,4 +50 @@ The following example shows how to add statements to your KMS key policy. These
-                //Restrict access to only RDS APIs (including Performance Insights).
-                //Replace region with your AWS Region. 
-                //For example, specify us-west-2.
-                "kms:ViaService" : "rds.region.amazonaws.com"
+                    "kms:ViaService" : "rds.us-east-1.amazonaws.com"
@@ -56 +52,0 @@ The following example shows how to add statements to your KMS key policy. These
-                //Restrict access to only data encrypted by Performance Insights.
@@ -59,3 +54,0 @@ The following example shows how to add statements to your KMS key policy. These
-                
-                //Restrict access to a specific RDS instance.
-                //The value is a DbiResourceId.
@@ -65,0 +59,3 @@ The following example shows how to add statements to your KMS key policy. These
+        ]
+    }
+