AWS lake-formation documentation change
Summary
Added clarification that direct cross-account permission grants are only visible to the recipient principal
Security assessment
The change provides documentation about permission visibility but does not address a specific security vulnerability. It enhances understanding of access control without modifying security controls.
Diff
diff --git a/lake-formation/latest/dg/cross-account-notes.md b/lake-formation/latest/dg/cross-account-notes.md index 262f724f5..6769a7792 100644 --- a//lake-formation/latest/dg/cross-account-notes.md +++ b//lake-formation/latest/dg/cross-account-notes.md @@ -32,0 +33,2 @@ See the example CLI command for granting permissions to `ALLIAMPrincipals` in [G + * When cross-account permissions are granted directly to a principal, only the recipient of the grant can view these permissions. The data lake administrator in the recipient's AWS account cannot view these direct grants. +