AWS AmazonRDS medium security documentation change
Summary
Added requirement that S3 bucket for SQL Server audit logs must be in same AWS account as DB instance
Security assessment
Enforcing same AWS account prevents cross-account access to audit logs, reducing risk of unintended data exposure through misconfigured bucket policies
Diff
diff --git a/AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.S3bucket.md b/AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.S3bucket.md index dd0cb2e16..0e75c66ff 100644 --- a//AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.S3bucket.md +++ b//AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.S3bucket.md @@ -9 +9 @@ The audit log files are automatically uploaded from the DB instance to your S3 b - * It must be in the same AWS Region as the DB instance. + * It must be in the same AWS Region and AWS account as the DB instance.