AWS Security ChangesHomeSearch

AWS AmazonRDS medium security documentation change

Service: AmazonRDS · 2025-08-10 · Security-related medium

File: AmazonRDS/latest/UserGuide/rds-manpol-updates.md

Summary

Updated RDS Custom service-linked role policy permissions for EBS snapshot handling

Security assessment

Explicitly modifies snapshot permissions to comply with EBS authorization changes. Removes ec2:CopySnapshot and adds granular snapshot permissions to follow security best practices for resource-level access control.

Diff

diff --git a/AmazonRDS/latest/UserGuide/rds-manpol-updates.md b/AmazonRDS/latest/UserGuide/rds-manpol-updates.md
index 68a2e398f..8c1f213b8 100644
--- a//AmazonRDS/latest/UserGuide/rds-manpol-updates.md
+++ b//AmazonRDS/latest/UserGuide/rds-manpol-updates.md
@@ -10,0 +11 @@ Change | Description | Date
+[Service-linked role permissions for Amazon RDS Custom](./UsingWithRDS.IAM.ServiceLinkedRoles.html#slr-permissions-custom) – Update to existing policy |  Amazon RDS updated permissions on the `AmazonRDSCustomServiceRolePolicy` of the `AWSServiceRoleForRDSCustom` service-linked role. The update removes `ec2:CopySnapshot` from one statement and adds two new statements for source and destination snapshot permissions. These updates comply with a [ Change in EBS CopySnapshot authorization behavior](https://aws.amazon.com/blogs/storage/enhancing-resource-level-permissions-for-copying-amazon-ebs-snapshots/) while keeping effective permissions unchanged. For more information, see [Service-linked role permissions for Amazon RDS Custom](./UsingWithRDS.IAM.ServiceLinkedRoles.html#slr-permissions-custom). | August 7, 2025