AWS AmazonRDS documentation change
Summary
Added documentation about required permissions for Aurora Global Database Blue/Green Deployments
Security assessment
Expands documentation about required operational permissions without addressing security vulnerabilities. Focuses on proper access controls rather than fixing security issues.
Diff
diff --git a/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-authorizing-access.md b/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-authorizing-access.md index dd4e94a89..d2fb72ad3 100644 --- a//AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-authorizing-access.md +++ b//AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-authorizing-access.md @@ -4,0 +5,2 @@ +Permissions for Global Database + @@ -49,0 +52,27 @@ Aurora provisions and modifies resources in the staging environment on your beha +## Additional permissions for Aurora Global Database Blue/Green Deployments + +When creating blue/green deployments for Aurora Global Database clusters, in addition to the above listed permission, users need the following permissions to perform operations to manage the global cluster topology. + +The user who creates a blue/green deployment must have permissions to perform the following RDS operations: + + * `rds:CreateGlobalCluster` + + + + +The user who switches over a blue/green deployment must have permissions to perform the following RDS operations: + + * `rds:ModifyGlobalCluster` + + * `rds:PromoteReadReplicaDBCluster` + + + + +The user who deletes a blue/green deployment must have permissions to perform the following RDS operations: + + * `rds:DeleteGlobalCluster` + + + +