AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2026-03-07 · Documentation low

File: AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-switching.md

Summary

Added warning about verifying applications don't override default_transaction_read_only parameter during blue/green switchover to prevent data inconsistencies

Security assessment

The change addresses potential data consistency issues during deployment operations but does not indicate a security vulnerability or weakness. It focuses on preventing operational data discrepancies rather than protecting against malicious exploitation.

Diff

diff --git a/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-switching.md b/AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-switching.md
index db973e013..8d7667e89 100644
--- a//AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-switching.md
+++ b//AmazonRDS/latest/AuroraUserGuide/blue-green-deployments-switching.md
@@ -128,0 +129,2 @@ If there's a large number of connections on your DB cluster and DB instances, co
+    * Before initiating a blue/green deployment switchover, verify that your application does not override the `default_transaction_read_only` parameter at the session level. During switchover, this parameter is set to `on` on the green environment writer to prevent writes until promotion completes. If your application or transactions override this configuration to `off`, your application may write data to the green environment during the switchover process. In the event the switchover has to roll back, these writes are not available in the blue environment, requiring you to manually resolve the data inconsistencies. We strongly recommend auditing your application queries to ensure they respect the `default_transaction_read_only` setting before proceeding with switchover.
+