AWS Security ChangesHomeSearch

AWS AmazonRDS medium security documentation change

Service: AmazonRDS · 2026-03-07 · Security-related medium

File: AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.S3bucket.md

Summary

Added requirement that S3 bucket for SQL Server audit logs must be in same AWS account as DB instance

Security assessment

Enforcing same AWS account prevents cross-account access to audit logs, reducing risk of unintended data exposure through misconfigured bucket policies

Diff

diff --git a/AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.S3bucket.md b/AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.S3bucket.md
index dd0cb2e16..0e75c66ff 100644
--- a//AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.S3bucket.md
+++ b//AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.S3bucket.md
@@ -9 +9 @@ The audit log files are automatically uploaded from the DB instance to your S3 b
-  * It must be in the same AWS Region as the DB instance.
+  * It must be in the same AWS Region and AWS account as the DB instance.