AWS AmazonRDS high security documentation change
Summary
Removed permissive IAM policy statement allowing all actions/resources
Security assessment
The change deletes a wildcard IAM policy ('Action': '*', 'Resource': '*'), which reduces over-permissive access. This directly addresses a security best practice by limiting potential privilege escalation risks.
Diff
diff --git a/AmazonRDS/latest/UserGuide/custom-setup-sqlserver.md b/AmazonRDS/latest/UserGuide/custom-setup-sqlserver.md index afdfb69d2..2e08c08bc 100644 --- a//AmazonRDS/latest/UserGuide/custom-setup-sqlserver.md +++ b//AmazonRDS/latest/UserGuide/custom-setup-sqlserver.md @@ -749,7 +749 @@ JSON - "NotResource": "arn:aws:kms:us-east-1:acct_id:key/KMS_key_ID" - }, - { - "Sid": "NoBoundarySetByDefault", - "Effect": "Allow", - "Action": "*", - "Resource": "*" + "NotResource": "arn:aws:kms:us-east-1:111122223333:key/KMS_key_ID"