AWS Security ChangesHomeSearch

AWS lake-formation documentation change

Service: lake-formation · 2025-04-18 · Documentation low

File: lake-formation/latest/dg/hybrid-access-mode-new.md

Summary

Added ABAC configuration steps with attribute expressions and Cedar policy integration for hybrid access mode

Security assessment

Introduces documentation for attribute-based access control in hybrid mode, expanding security feature documentation without referencing specific vulnerabilities.

Diff

diff --git a/lake-formation/latest/dg/hybrid-access-mode-new.md b/lake-formation/latest/dg/hybrid-access-mode-new.md
index 15c6ef7f3..fdf8aef90 100644
--- a//lake-formation/latest/dg/hybrid-access-mode-new.md
+++ b//lake-formation/latest/dg/hybrid-access-mode-new.md
@@ -67 +67 @@ Console
-Alternatively, choose **Data lake permissions** , select the principals to grant permissions from the list, and choose **Grant**.
+Alternatively, choose **Data permissions** , select the principals to grant permissions from the list, and choose **Grant**.
@@ -120,0 +121,10 @@ You can choose `All tables` under a database to grant access.
+       * **Attributes** – Select attributes to grant permissions based on attributes.
+
+![The interface to add principals and resources with an attribute expression.](/images/lake-formation/latest/dg/images/abac-hybrid-access.png)
+
+       * Enter the key-value pair to create a grant based on attributes. Review the Cedar policy expression on the console. For more information about Cedar, see [What is Cedar? | Cedar Policy Language Reference GuideLink](https://docs.cedarpolicy.com/).
+
+       * Choose **Add**.
+
+All IAM roles/users with matching attributes are granted access.
+