AWS lake-formation documentation change
Summary
Removed condition block requiring specific GlueARN in IAM policy example
Security assessment
Change modifies policy syntax but doesn't explicitly reference security vulnerabilities or fixes. Appears to simplify policy example rather than address a security issue.
Diff
diff --git a/lake-formation/latest/dg/cross-account-read-data.md b/lake-formation/latest/dg/cross-account-read-data.md index ecc4b630d..9c242ff72 100644 --- a//lake-formation/latest/dg/cross-account-read-data.md +++ b//lake-formation/latest/dg/cross-account-read-data.md @@ -54,6 +54 @@ In the following IAM policy: - ], - "Condition": { - "StringEquals": { - "lakeformation:GlueARN":"arn:aws:glue:<region>:<account-id-A>:table/<database>/<table>" - } - } + ]