AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2025-11-16 · Documentation low

File: AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-authorizing-access.md

Summary

Added documentation about required permissions for Aurora Global Database Blue/Green Deployments

Security assessment

Expands documentation about required operational permissions without addressing security vulnerabilities. Focuses on proper access controls rather than fixing security issues.

Diff

diff --git a/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-authorizing-access.md b/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-authorizing-access.md
index dd4e94a89..d2fb72ad3 100644
--- a//AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-authorizing-access.md
+++ b//AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-authorizing-access.md
@@ -4,0 +5,2 @@
+Permissions for Global Database
+
@@ -49,0 +52,27 @@ Aurora provisions and modifies resources in the staging environment on your beha
+## Additional permissions for Aurora Global Database Blue/Green Deployments 
+
+When creating blue/green deployments for Aurora Global Database clusters, in addition to the above listed permission, users need the following permissions to perform operations to manage the global cluster topology. 
+
+The user who creates a blue/green deployment must have permissions to perform the following RDS operations:
+
+  * `rds:CreateGlobalCluster`
+
+
+
+
+The user who switches over a blue/green deployment must have permissions to perform the following RDS operations:
+
+  * `rds:ModifyGlobalCluster`
+
+  * `rds:PromoteReadReplicaDBCluster`
+
+
+
+
+The user who deletes a blue/green deployment must have permissions to perform the following RDS operations:
+
+  * `rds:DeleteGlobalCluster`
+
+
+
+