AWS Security ChangesHomeSearch

AWS AmazonRDS high security documentation change

Service: AmazonRDS · 2026-03-07 · Security-related high

File: AmazonRDS/latest/UserGuide/blue-green-deployments-switching.md

Summary

Added warning about application behavior overriding read-only settings during switchover

Security assessment

Addresses potential data inconsistency risks from writes during migration, which could lead to security-impacting data loss if rollback occurs

Diff

diff --git a/AmazonRDS/latest/UserGuide/blue-green-deployments-switching.md b/AmazonRDS/latest/UserGuide/blue-green-deployments-switching.md
index dbebfffa2..495d5eec8 100644
--- a//AmazonRDS/latest/UserGuide/blue-green-deployments-switching.md
+++ b//AmazonRDS/latest/UserGuide/blue-green-deployments-switching.md
@@ -130,0 +131,2 @@ If there's a large number of connections on your DB instances, consider manually
+    * Before initiating a blue/green deployment switchover, verify that your application does not override the `default_transaction_read_only` parameter at the session level. During switchover, this parameter is set to `on` on the green environment writer to prevent writes until promotion completes. If your application or transactions override this configuration to `off`, your application may write data to the green environment during the switchover process. In the event the switchover has to roll back, these writes are not available in the blue environment, requiring you to manually resolve the data inconsistencies. We strongly recommend auditing your application queries to ensure they respect the `default_transaction_read_only` setting before proceeding with switchover.
+