AWS Security ChangesHomeSearch

AWS AmazonRDS medium security documentation change

Service: AmazonRDS · 2026-04-28 · Security-related medium

File: AmazonRDS/latest/AuroraUserGuide/rds-proxy.md

Summary

Added link to best practices documentation and documented limitations regarding SSL negotiation mode and PostgreSQL protocol version support

Security assessment

The change explicitly states that RDS Proxy doesn't support direct SSL negotiation mode. SSL/TLS is a critical security feature for encrypted database connections. Documenting this limitation informs users about potential security implications when using RDS Proxy with PostgreSQL, making it security-related. However, there's no indication this addresses an active vulnerability.

Diff

diff --git a/AmazonRDS/latest/AuroraUserGuide/rds-proxy.md b/AmazonRDS/latest/AuroraUserGuide/rds-proxy.md
index e37e89e20..904ef1d36 100644
--- a//AmazonRDS/latest/AuroraUserGuide/rds-proxy.md
+++ b//AmazonRDS/latest/AuroraUserGuide/rds-proxy.md
@@ -54,0 +55,2 @@ RDS Proxy is fully compatible with the engine versions that it supports. You can
+  * [Best practices with RDS Proxy](./rds-proxy-best-practices.html)
+
@@ -172,0 +175,4 @@ The following additional limitations apply to RDS Proxy with Aurora PostgreSQL d
+  * RDS Proxy doesn't support direct SSL negotiation mode.
+
+  * RDS Proxy only supports version 3.0 of the PostgreSQL messaging protocol.
+