FAQ: DocumentDB
kmcquade opened this issue · 0 comments
kmcquade commented
Leaving this here so I can point people to it later - and because I suspect others will search for it.
DocumentDB does not have its own IAM namespace and is covered under the rds IAM namespace, as explained in the DocumentDB documentation on IAM.
As such, DocumentDB is compliant wherever RDS is compliant - which is across the board. Therefore, DocumentDB will be allowed under any SCP AllowList generated with aws-allowlister.
We implemented this mapping here.