AWS aurora-dsql documentation change
Summary
Updated documentation to reflect new support for resource-based policies in Aurora DSQL.
Security assessment
Changes from 'No' to 'Yes' for resource-based policy support and adds guidance for creating/managing these policies. This introduces documentation for a new security capability but does not address a specific vulnerability.
Diff
diff --git a/aurora-dsql/latest/userguide/security_iam_service-with-iam.md b/aurora-dsql/latest/userguide/security_iam_service-with-iam.md index ba8e75d5c..bf361cf8e 100644 --- a//aurora-dsql/latest/userguide/security_iam_service-with-iam.md +++ b//aurora-dsql/latest/userguide/security_iam_service-with-iam.md @@ -14 +14 @@ Identity-based policies | Yes -Resource-based policies | No +Resource-based policies | Yes @@ -41 +41 @@ To view examples of Aurora DSQL identity-based policies, see [Identity-based pol -**Supports resource-based policies:** No +**Supports resource-based policies:** Yes @@ -43 +43 @@ To view examples of Aurora DSQL identity-based policies, see [Identity-based pol -Resource-based policies are JSON policy documents that you attach to a resource. Examples of resource-based policies are IAM _role trust policies_ and Amazon S3 _bucket policies_. In services that support resource-based policies, service administrators can use them to control access to a specific resource. For the resource where the policy is attached, the policy defines what actions a specified principal can perform on that resource and under what conditions. You must [specify a principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html) in a resource-based policy. Principals can include accounts, users, roles, federated users, or AWS services. +Resource-based policies are JSON policy documents that you attach to a resource. Examples of resource-based policies are IAM role trust policies and Amazon S3 bucket policies. In services that support resource-based policies, service administrators can use them to control access to a specific resource. For the resource where the policy is attached, the policy defines what actions a specified principal can perform on that resource and under what conditions. You must [specify a principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html) in a resource-based policy. Principals can include accounts, users, roles, federated users, or AWS services. Resource-based policies are inline policies that are located in that service. You can't use AWS managed policies from IAM in a resource-based policy. @@ -45 +45 @@ Resource-based policies are JSON policy documents that you attach to a resource. -To enable cross-account access, you can specify an entire account or IAM entities in another account as the principal in a resource-based policy. For more information, see [Cross account resource access in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html) in the _IAM User Guide_. +To learn how to create and manage resource-based policies for Aurora DSQL clusters, see [Resource-based policies for Aurora DSQL](https://docs.aws.amazon.com/aurora-dsql/latest/userguide/resource-based-policies.html).