AWS Security ChangesHomeSearch

AWS glue documentation change

Service: glue · 2025-03-26 · Documentation medium

File: glue/latest/dg/security-lf-enable.md

Summary

Added section about FGAC (Fine-Grained Access Control) for AWS Glue 5.0 Notebook sessions and removed outdated access control note

Security assessment

Documents security feature (FGAC) implementation but does not indicate a specific security vulnerability being addressed. Focuses on configuration requirements for access control.

Diff

diff --git a/glue/latest/dg/security-lf-enable.md b/glue/latest/dg/security-lf-enable.md
index 824d706fa..1fa7be40a 100644
--- a/glue/latest/dg/security-lf-enable.md
+++ b/glue/latest/dg/security-lf-enable.md
@@ -5 +5 @@
-OverviewHow it worksMinimum workersEnable runtime permissionsSet up runtime permissionsSubmitting a job runSupported operations
+OverviewHow it worksMinimum workersEnable runtime permissionsSet up runtime permissionsSubmitting a job runFGAC for AWS Glue 5.0 Notebook or interactive sessionsSupported operations
@@ -17,2 +16,0 @@ With AWS Glue version 5.0 and higher, you can leverage AWS Lake Formation to app
-  * If you need database/table level access control, you can grant database/table permissions to your roles. This bypasses the need to migrate from `GlueContext` to Spark dataframe.
-
@@ -144,0 +143,6 @@ After you finish setting up the Lake Formation grants, you can submit Spark jobs
+## FGAC for AWS Glue 5.0 Notebook or interactive sessions
+
+To enable Fine-Grained Access Control (FGAC) in AWS Glue you must specify the Spark confs required for Lake Formation as part of the %%configure magic before you create first cell.
+
+Specifying it later using the calls `SparkSession.builder().conf("").get()` or `SparkSession.builder().conf("").create()` will not be enough. This is a change from the AWS Glue 4.0 behavior.
+