AWS lake-formation documentation change
Summary
Added ABAC configuration steps with attribute expressions and Cedar policy integration for hybrid access mode
Security assessment
Introduces documentation for attribute-based access control in hybrid mode, expanding security feature documentation without referencing specific vulnerabilities.
Diff
diff --git a/lake-formation/latest/dg/hybrid-access-mode-new.md b/lake-formation/latest/dg/hybrid-access-mode-new.md index 15c6ef7f3..fdf8aef90 100644 --- a//lake-formation/latest/dg/hybrid-access-mode-new.md +++ b//lake-formation/latest/dg/hybrid-access-mode-new.md @@ -67 +67 @@ Console -Alternatively, choose **Data lake permissions** , select the principals to grant permissions from the list, and choose **Grant**. +Alternatively, choose **Data permissions** , select the principals to grant permissions from the list, and choose **Grant**. @@ -120,0 +121,10 @@ You can choose `All tables` under a database to grant access. + * **Attributes** – Select attributes to grant permissions based on attributes. + + + + * Enter the key-value pair to create a grant based on attributes. Review the Cedar policy expression on the console. For more information about Cedar, see [What is Cedar? | Cedar Policy Language Reference GuideLink](https://docs.cedarpolicy.com/). + + * Choose **Add**. + +All IAM roles/users with matching attributes are granted access. +