AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2025-08-10 · Documentation low

File: AmazonRDS/latest/AuroraUserGuide/zero-etl.creating-smlh.md

Summary

Added JSON formatting blocks, updated placeholder account IDs to 111122223333, modified policy statement IDs for clarity, and standardized KMS key ARNs

Security assessment

Changes primarily improve documentation structure and provide concrete examples but do not address specific security vulnerabilities. Updates to IAM policies demonstrate security best practices but are routine documentation improvements rather than responses to security incidents.

Diff

diff --git a/AmazonRDS/latest/AuroraUserGuide/zero-etl.creating-smlh.md b/AmazonRDS/latest/AuroraUserGuide/zero-etl.creating-smlh.md
index 129e11678..b7402d8dc 100644
--- a//AmazonRDS/latest/AuroraUserGuide/zero-etl.creating-smlh.md
+++ b//AmazonRDS/latest/AuroraUserGuide/zero-etl.creating-smlh.md
@@ -87,0 +88,6 @@ The role must have the following permissions, which allow the user to view avail
+JSON
+    
+
+****
+    
+    
@@ -105,0 +113,6 @@ The role must have the following trust policy, which specifies the target accoun
+JSON
+    
+
+****
+    
+    
@@ -113 +126 @@ The role must have the following trust policy, which specifies the target accoun
-                "AWS": "arn:aws:iam::{external-account-id}:root"
+                "AWS": "arn:aws:iam::111122223333:root"
@@ -161,0 +176,6 @@ Modifying DB cluster parameters requires a reboot. Before you can create the int
+JSON
+    
+
+****
+    
+        
@@ -170,2 +190,2 @@ Modifying DB cluster parameters requires a reboot. Before you can create the int
-                        "arn:aws:glue:region:account-id:catalog/*",
-                        "arn:aws:glue:region:account-id:catalog"
+                        "arn:aws:glue:us-east-1:111122223333:catalog/*",
+                        "arn:aws:glue:us-east-1:111122223333:catalog"
@@ -178,0 +200,6 @@ The target IAM role must have the following trust relationship:
+JSON
+    
+
+****
+    
+        
@@ -292,0 +321,6 @@ The following sample policy demonstrates how to provide the required permissions
+JSON
+    
+
+****
+    
+    
@@ -299 +333 @@ The following sample policy demonstrates how to provide the required permissions
-                "Sid": "Enables IAM user permissions",
+                "Sid": "EnablesIAMUserPermissions",
@@ -302 +336 @@ The following sample policy demonstrates how to provide the required permissions
-                    "AWS": "arn:aws:iam::{account-ID}:root"
+                "AWS": "arn:aws:iam::111122223333:root"
@@ -308 +342 @@ The following sample policy demonstrates how to provide the required permissions
-                "Sid": "Allows the Glue service principal to add a grant to an AWS KMS key",
+                "Sid": "AllowsGlueServicePrincipalAddGrantAWS KMSKey",
@@ -329 +363 @@ The following sample policy demonstrates how to provide the required permissions
-                "Sid": "Allows the current user or role to add a grant to a KMS key",
+                "Sid": "AllowsCurrentUserRoleAddGrantKMSKey",
@@ -332 +366 @@ The following sample policy demonstrates how to provide the required permissions
-                    "AWS": "arn:aws:iam::{account-ID}:role/{role-name}"
+                "AWS": "arn:aws:iam::111122223333:role/{role-name}"
@@ -351 +385 @@ The following sample policy demonstrates how to provide the required permissions
-                "Sid": "Allows the current uer or role to retrieve information about a KMS key",
+                "Sid": "AllowsCurrentUserRoleRetrieveKMSKeyInformation",
@@ -354 +388 @@ The following sample policy demonstrates how to provide the required permissions
-                    "AWS": "arn:aws:iam::{account-ID}:role/{role-name}"
+                "AWS": "arn:aws:iam::111122223333:role/{role-name}"