AWS Security ChangesHomeSearch

AWS athena medium security documentation change

Service: athena · 2025-04-03 · Security-related medium

File: athena/latest/ug/gdc-register-s3-table-bucket-cat.md

Summary

Clarified restrictions on write/DML operations in workgroups with SSE-KMS encryption and S3 Requester Pays enabled

Security assessment

The change explicitly documents security-related limitations around encryption (SSE-KMS) and cost control mechanisms (Requester Pays) that could impact data protection and access controls

Diff

diff --git a/athena/latest/ug/gdc-register-s3-table-bucket-cat.md b/athena/latest/ug/gdc-register-s3-table-bucket-cat.md
index 447094b98..f81a83581 100644
--- a//athena/latest/ug/gdc-register-s3-table-bucket-cat.md
+++ b//athena/latest/ug/gdc-register-s3-table-bucket-cat.md
@@ -27 +27,3 @@ Amazon S3 table buckets are a bucket type in Amazon S3 that is purpose-built to
-  * Queries against S3 Tables are not supported in workgroups with SSE_KMS result encryption or the S3 Requester Pays option enabled.
+  * In workgroups with SSE-KMS encryption enabled, you can't run write operations like `INSERT`, `UPDATE`, `DELETE`, or `MERGE` on S3 Tables.
+
+  * In workgroups with S3 Requester Pays option enabled, you can't run DML operations on S3 Tables.