AWS AmazonRDS medium security documentation change
Summary
Documented update to RDS Custom service-linked role policy regarding EBS CopySnapshot permissions
Security assessment
The policy update explicitly addresses authorization behavior for EBS snapshot operations, splitting permissions into source/destination controls. This indicates a security-related policy refinement to enforce least privilege access for snapshot copying operations.
Diff
diff --git a/AmazonRDS/latest/UserGuide/WhatsNew.md b/AmazonRDS/latest/UserGuide/WhatsNew.md index 17f7386b5..da0f8983c 100644 --- a//AmazonRDS/latest/UserGuide/WhatsNew.md +++ b//AmazonRDS/latest/UserGuide/WhatsNew.md @@ -18,0 +19 @@ Change| Description| Date +Amazon RDS Custom service-linked role policy updated| The AmazonRDSCustomServiceRolePolicy managed policy has been updated to comply with EBS CopySnapshot authorization behavior. The update removes `ec2:CopySnapshot` from one statement and adds two new statements for source and destination snapshot permissions. For more information, see [ Updates to AWS managed policies for Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-managed-policy-updates.html).| August 7, 2025