AWS AmazonRDS medium security documentation change
Summary
Updated RDS Custom service-linked role policy permissions for EBS snapshot handling
Security assessment
Explicitly modifies snapshot permissions to comply with EBS authorization changes. Removes ec2:CopySnapshot and adds granular snapshot permissions to follow security best practices for resource-level access control.
Diff
diff --git a/AmazonRDS/latest/UserGuide/rds-manpol-updates.md b/AmazonRDS/latest/UserGuide/rds-manpol-updates.md index 68a2e398f..8c1f213b8 100644 --- a//AmazonRDS/latest/UserGuide/rds-manpol-updates.md +++ b//AmazonRDS/latest/UserGuide/rds-manpol-updates.md @@ -10,0 +11 @@ Change | Description | Date +[Service-linked role permissions for Amazon RDS Custom](./UsingWithRDS.IAM.ServiceLinkedRoles.html#slr-permissions-custom) – Update to existing policy | Amazon RDS updated permissions on the `AmazonRDSCustomServiceRolePolicy` of the `AWSServiceRoleForRDSCustom` service-linked role. The update removes `ec2:CopySnapshot` from one statement and adds two new statements for source and destination snapshot permissions. These updates comply with a [ Change in EBS CopySnapshot authorization behavior](https://aws.amazon.com/blogs/storage/enhancing-resource-level-permissions-for-copying-amazon-ebs-snapshots/) while keeping effective permissions unchanged. For more information, see [Service-linked role permissions for Amazon RDS Custom](./UsingWithRDS.IAM.ServiceLinkedRoles.html#slr-permissions-custom). | August 7, 2025