AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2026-05-22 · Documentation low

File: AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.CloudWatch.md

Summary

Removed reference to AWSServiceRoleForRDS overriding custom IAM roles for CloudWatch Logs access.

Security assessment

Update corrects documentation about IAM role behavior for logs publishing (security feature), but doesn't indicate a security vulnerability fix.

Diff

diff --git a/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.CloudWatch.md b/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.CloudWatch.md
index aa44b084e..d7fd8e01b 100644
--- a//AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.CloudWatch.md
+++ b//AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.CloudWatch.md
@@ -21 +21 @@ To publish logs to CloudWatch Logs, the respective logs must be enabled. Error l
-If you use this alternative method, you must have an IAM role to access CloudWatch Logs and set the `aws_default_logs_role` cluster-level parameter to the ARN for this role. For information about creating the role, see [Setting up IAM roles to access AWS services](./AuroraMySQL.Integrating.Authorizing.IAM.html). However, if you have the `AWSServiceRoleForRDS` service-linked role, it provides access to CloudWatch Logs and overrides any custom-defined roles. For information about service-linked roles for Amazon RDS, see [Using service-linked roles for Amazon Aurora](./UsingWithRDS.IAM.ServiceLinkedRoles.html).
+If you use this alternative method, you must have an IAM role to access CloudWatch Logs and set the `aws_default_logs_role` cluster-level parameter to the ARN for this role. For information about creating the role, see [Setting up IAM roles to access AWS services](./AuroraMySQL.Integrating.Authorizing.IAM.html).