AWS Security ChangesHomeSearch

AWS lake-formation documentation change

Service: lake-formation · 2025-04-18 · Documentation low

File: lake-formation/latest/dg/lf-tag-considerations.md

Summary

Added LF-Tag expression size limitation and updated section title to include ABAC considerations

Security assessment

Documents technical limitations of LF-Tag expressions and explicitly calls out ABAC considerations, enhancing security feature documentation without addressing vulnerabilities.

Diff

diff --git a/lake-formation/latest/dg/lf-tag-considerations.md b/lake-formation/latest/dg/lf-tag-considerations.md
index 79fae4bb7..8888a681b 100644
--- a//lake-formation/latest/dg/lf-tag-considerations.md
+++ b//lake-formation/latest/dg/lf-tag-considerations.md
@@ -82,0 +83,2 @@ For more information, see [Cross-account data sharing in Lake Formation](./cross
+  * When granting or revoking permissions on an inline LF-Tag expression, the size of the LF-Tag expression can not exceed 900 bytes. To grant permissions on larger LF-Tag expressions, use the saved LF-Tag expressions. For more information, see [Creating LF-Tag expressions](./TBAC-creating-tag-expressions.html). 
+
@@ -94 +96 @@ IAM Identity Center integration limitations
-Troubleshooting Lake Formation
+Attribute-based access control considerations, limitations, and supported regions