AWS AmazonRDS documentation change
Summary
Added engine-specific service principals for newer AWS Regions in Kerberos setup
Security assessment
This change updates Kerberos authentication documentation (a security feature) to include engine-specific service principals for newer regions. It ensures accurate secure configurations but doesn't fix a security vulnerability.
Diff
diff --git a/AmazonRDS/latest/UserGuide/postgresql-kerberos-setting-up.md b/AmazonRDS/latest/UserGuide/postgresql-kerberos-setting-up.md index c2a93d219..44d43224c 100644 --- a//AmazonRDS/latest/UserGuide/postgresql-kerberos-setting-up.md +++ b//AmazonRDS/latest/UserGuide/postgresql-kerberos-setting-up.md @@ -282,0 +283,9 @@ Replace REGION-CODE with the code for your specific Region. For example, use the +For AWS Regions launched after Israel (Tel Aviv), starting with Canada West (Calgary), use the engine-specific service principal `directoryservice-`engine`.rds.`region-code`.amazonaws.com`, where `engine` is `postgresql`. For example, for Canada West (Calgary) Region: + + + "Service": [ + "directoryservice-postgresql.rds.ca-west-1.amazonaws.com", + "rds.ca-west-1.amazonaws.com" + ] + +