AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2025-08-10 · Documentation low

File: AmazonRDS/latest/UserGuide/rds-security-iam-awsmanpol.md

Summary

Expanded documentation of RDS Custom service role permissions including SSM, CloudTrail, and IAM

Security assessment

Adds documentation for new permissions (cloudtrail, servicequotas, ssm, etc.) required for RDS Custom operations. Improves transparency of security-related permissions but doesn't address a specific vulnerability.

Diff

diff --git a/AmazonRDS/latest/UserGuide/rds-security-iam-awsmanpol.md b/AmazonRDS/latest/UserGuide/rds-security-iam-awsmanpol.md
index b955bcbfc..8f67a3f00 100644
--- a//AmazonRDS/latest/UserGuide/rds-security-iam-awsmanpol.md
+++ b//AmazonRDS/latest/UserGuide/rds-security-iam-awsmanpol.md
@@ -206,0 +207,10 @@ This policy includes the following permissions:
+  * `cloudtrail` ‐ Allows RDS Custom to recieve change events about the DB instance
+
+  * `servicequotas` ‐ Allows RDS Custom to read service quotas related to the DB instance
+
+  * `ssm` ‐ Allows RDS Custom to manage the DB instance's underlying EC2 instance.
+
+  * `rds` ‐ Allows RDS Custom to manage RDS resources for your DB instance
+
+  * `iam` ‐ Allows RDS Custom to validate and attach the instance profile to a DB instance's underlying EC2 instance.
+
@@ -254 +264 @@ This policy includes the following permissions:
-For more information about this policy, including the JSON policy document, see [AmazonRDSDataFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonRDSDataFullAccess.html) in the _AWS Managed Policy Reference Guide_.
+For more information about this policy, including the JSON policy document, see [AmazonRDSPreviewServiceRolePolicy](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonRDSPreviewServiceRolePolicy.html) in the _AWS Managed Policy Reference Guide_.