AWS Security ChangesHomeSearch

AWS lake-formation documentation change

Service: lake-formation · 2025-03-10 · Documentation low

File: lake-formation/latest/dg/required-permissions-for-grant.md

Summary

Expanded required Glue permissions to include 'glue:GetCatalogs' and 'glue:GetCatalog' for catalog-level grants.

Security assessment

Adds new permissions to documentation but does not indicate a security fix. This appears to be a routine update to reflect expanded feature support rather than addressing a security issue.

Diff

diff --git a/lake-formation/latest/dg/required-permissions-for-grant.md
index a1785b0ef..88cb9c820 100644
--- a/lake-formation/latest/dg/required-permissions-for-grant.md
+++ b/lake-formation/latest/dg/required-permissions-for-grant.md
@@ -17 +17 @@ All principals, including the data lake administrator, need the following AWS Id
-  * `glue:GetTable` or `glue:GetDatabase` for a table or database that you're granting permissions using the named resource method.
+  * `glue:GetTable`, `glue:GetDatabase`, or `glue:GetCatalog` for a table, database, or catalog that you're granting permissions using the named resource method.
@@ -41,0 +42 @@ The following IAM policy is recommended for principals who are not data lake adm
+                    "glue:GetCatalogs",
@@ -44,0 +46 @@ The following IAM policy is recommended for principals who are not data lake adm
+                    "glue:GetCatalog",