AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2025-08-10 · Documentation low

File: AmazonRDS/latest/UserGuide/USER_PerfInsights.access-control.cmk-policy.md

Summary

Updated KMS key policy example with concrete region specification (us-east-1), removed commented guidance, and improved JSON formatting

Security assessment

The changes improve documentation for KMS key policies controlling Performance Insights access but do not address a specific vulnerability. The update adds clearer examples of security controls (region restrictions, service principal limitations) but doesn't indicate remediation of an existing security flaw.

Diff

diff --git a/AmazonRDS/latest/UserGuide/USER_PerfInsights.access-control.cmk-policy.md b/AmazonRDS/latest/UserGuide/USER_PerfInsights.access-control.cmk-policy.md
index 5e1a3d72d..3992338a4 100644
--- a//AmazonRDS/latest/UserGuide/USER_PerfInsights.access-control.cmk-policy.md
+++ b//AmazonRDS/latest/UserGuide/USER_PerfInsights.access-control.cmk-policy.md
@@ -23,0 +24,6 @@ The following example shows how to add statements to your KMS key policy. These
+JSON
+    
+
+****
+    
+    
@@ -28,6 +34 @@ The following example shows how to add statements to your KMS key policy. These
-     "Statement" : [ {
-        //This represents a statement that currently exists in your policy.
-     }
-     ....,
-     //Starting here, add new statement to your policy for Performance Insights.
-     //We recommend that you add one new statement for every RDS instance
+        "Statement" : [ 
@@ -35 +36 @@ The following example shows how to add statements to your KMS key policy. These
-        "Sid" : "Allow viewing RDS Performance Insights",
+                "Sid" : "AllowViewingRDSPerformanceInsights",
@@ -39 +39,0 @@ The following example shows how to add statements to your KMS key policy. These
-                //One or more principals allowed to access Performance Insights
@@ -50,4 +50 @@ The following example shows how to add statements to your KMS key policy. These
-                //Restrict access to only RDS APIs (including Performance Insights).
-                //Replace region with your AWS Region. 
-                //For example, specify us-west-2.
-                "kms:ViaService" : "rds.region.amazonaws.com"
+                    "kms:ViaService" : "rds.us-east-1.amazonaws.com"
@@ -56 +52,0 @@ The following example shows how to add statements to your KMS key policy. These
-                //Restrict access to only data encrypted by Performance Insights.
@@ -59,3 +54,0 @@ The following example shows how to add statements to your KMS key policy. These
-                
-                //Restrict access to a specific RDS instance.
-                //The value is a DbiResourceId.
@@ -65,0 +59,3 @@ The following example shows how to add statements to your KMS key policy. These
+        ]
+    }
+