AWS AmazonS3 documentation change
Summary
Added IAM role creation steps with custom trust policy configuration for AWS Glue endpoint access
Security assessment
The change documents IAM policy configuration, which is a security feature, but does not address a specific security vulnerability.
Diff
diff --git a/AmazonS3/latest/userguide/s3-tables-integrating-glue-endpoint.md b/AmazonS3/latest/userguide/s3-tables-integrating-glue-endpoint.md index ed328ec80..ed23d236c 100644 --- a//AmazonS3/latest/userguide/s3-tables-integrating-glue-endpoint.md +++ b//AmazonS3/latest/userguide/s3-tables-integrating-glue-endpoint.md @@ -68,0 +69,18 @@ To access tables through AWS Glue endpoints, you need to create an IAM role with + 5. After you create the policy, create an IAM role and choose **Custom trust policy** as the **Trusted entity type**. + + 6. Enter the following for the **Custom trust policy**. + + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::<accountid>:role/<Admin_role>" + }, + "Action": "sts:AssumeRole", + "Condition": {} + } + ] + } +