AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2026-06-22 · Documentation medium

File: AmazonRDS/latest/UserGuide/postgresql-kerberos-setting-up.md

Summary

Added engine-specific service principals for newer AWS Regions in Kerberos setup

Security assessment

This change updates Kerberos authentication documentation (a security feature) to include engine-specific service principals for newer regions. It ensures accurate secure configurations but doesn't fix a security vulnerability.

Diff

diff --git a/AmazonRDS/latest/UserGuide/postgresql-kerberos-setting-up.md b/AmazonRDS/latest/UserGuide/postgresql-kerberos-setting-up.md
index c2a93d219..44d43224c 100644
--- a//AmazonRDS/latest/UserGuide/postgresql-kerberos-setting-up.md
+++ b//AmazonRDS/latest/UserGuide/postgresql-kerberos-setting-up.md
@@ -282,0 +283,9 @@ Replace REGION-CODE with the code for your specific Region. For example, use the
+For AWS Regions launched after Israel (Tel Aviv), starting with Canada West (Calgary), use the engine-specific service principal `directoryservice-`engine`.rds.`region-code`.amazonaws.com`, where `engine` is `postgresql`. For example, for Canada West (Calgary) Region:
+    
+    
+    "Service": [
+      "directoryservice-postgresql.rds.ca-west-1.amazonaws.com",
+      "rds.ca-west-1.amazonaws.com"
+    ]
+    
+