AWS dms documentation change
Summary
Updated PostgreSQL target requirements for DMS Schema Conversion to specify minimum privileges (CONNECT and CREATE ON DATABASE) and clarify that the target database must exist before connecting
Security assessment
This change clarifies the minimum required database privileges for migration operations, which is a security best practice (principle of least privilege). However, there is no evidence this addresses a specific security vulnerability or incident - it appears to be routine documentation improvement for clarity.
Diff
diff --git a/dms/latest/userguide/data-providers-postgresql.md b/dms/latest/userguide/data-providers-postgresql.md index a2e9a7928..55b6373ec 100644 --- a//dms/latest/userguide/data-providers-postgresql.md +++ b//dms/latest/userguide/data-providers-postgresql.md @@ -15 +15,5 @@ For information about supported target databases, see [Target data providers for -To use PostgreSQL as a target, DMS Schema Conversion requires the `CREATE ON DATABASE` privilege. Create a user and grant this user with this privilege for each database that you want to use in migration project for DMS Schema Conversion. +To use PostgreSQL as a target, DMS Schema Conversion requires the following minimum privileges. The target database must exist before you connect. For each database you want to use in your migration project, grant the following privileges to the user account used for the migration: + + + GRANT CONNECT ON DATABASE <db_name> TO <user>; + GRANT CREATE ON DATABASE <db_name> TO <user>;