AWS Security ChangesHomeSearch

AWS lake-formation documentation change

Service: lake-formation · 2025-03-10 · Documentation low

File: lake-formation/latest/dg/registration-role.md

Summary

Updated IAM role trust relationship requirements and documentation links. Removed 'glue.amazonaws.com' from required trust entities and corrected link formatting.

Security assessment

The change modifies trust relationships but does not explicitly address a security vulnerability. The removal of 'glue.amazonaws.com' could reflect a policy update, but there's no evidence of a security incident being remediated.

Diff

diff --git a/lake-formation/latest/dg/registration-role.md
index 59c438e60..e506df62c 100644
--- a/lake-formation/latest/dg/registration-role.md
+++ b/lake-formation/latest/dg/registration-role.md
@@ -36 +36 @@ The following are the requirements for a user-defined role:
-If you create the role using a different path, ensure that the role has a trust relationship with `lakeformation.amazonaws.com`. For more information, see [Modifying a Role Trust Policy (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-console.html#roles-managingrole_edit-trust-policy).
+If you create the role using a different path, ensure that the role has a trust relationship with `lakeformation.amazonaws.com`. For more information, see [Modifying a role trust policy (Console)](https://docs.aws.amazon.com/de/roles-managingrole-editing-console.html#roles-managingrole_edit-trust-policy).
@@ -38,3 +38 @@ If you create the role using a different path, ensure that the role has a trust
-  * The role must have trust relationships with the following entities:
-
-    * `glue.amazonaws.com`
+  * The role must have trust relationships with the following entity:
@@ -44 +42 @@ If you create the role using a different path, ensure that the role has a trust
-For more information, see [Modifying a Role Trust Policy (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-console.html#roles-managingrole_edit-trust-policy).
+For more information, see [Modifying a role trust policy (Console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-console.html#roles-managingrole_edit-trust-policy).
@@ -76 +74 @@ For more information, see [Modifying a Role Trust Policy (Console)](https://docs
-To include IAM Identity Center user context in the CloudTrail logs, the trust policy must have the permission for the `sts:SetContext` action. "sts:SetContext" 
+To include IAM Identity Center user context in the CloudTrail logs, the trust policy must have the permission for the `sts:SetContext` action.