AWS Security ChangesHomeSearch

AWS transform documentation change

Service: transform · 2026-01-28 · Documentation medium

File: transform/latest/userguide/sql-server-setup.md

Summary

Added clarification about db_datareader role requirements and added s3:PutBucketVersioning permission

Security assessment

The change clarifies least-privilege permissions (db_datareader only required for data migration) and adds S3 bucket versioning permission, which improves security posture by documenting proper access controls. No vulnerability is being fixed.

Diff

diff --git a/transform/latest/userguide/sql-server-setup.md b/transform/latest/userguide/sql-server-setup.md
index 8e00bde58..1a89efe5a 100644
--- a//transform/latest/userguide/sql-server-setup.md
+++ b//transform/latest/userguide/sql-server-setup.md
@@ -41,0 +42,13 @@ Repeat the database-specific commands (USE, CREATE USER, GRANT) for each databas
+The db_datareader role is only necessary for data migration, not for schema conversion alone.
+
+  * The db_datareader role grants read access to all tables in the database
+
+  * This role is required ONLY when performing data migration.
+
+  * For schema conversion only (without data migration), the db_datareader role is NOT required
+
+  * The other permissions (VIEW DEFINITION, VIEW DATABASE STATE, etc.) are sufficient for schema conversion
+
+
+
+
@@ -142,0 +156 @@ Create a file named dms-roles.yaml with the following content:
+                      - s3:PutBucketVersioning