AWS Security ChangesHomeSearch

AWS lake-formation documentation change

Service: lake-formation · 2025-05-01 · Documentation low

File: lake-formation/latest/dg/cross-account-notes.md

Summary

Added clarification that direct cross-account permission grants are only visible to the recipient principal

Security assessment

The change provides documentation about permission visibility but does not address a specific security vulnerability. It enhances understanding of access control without modifying security controls.

Diff

diff --git a/lake-formation/latest/dg/cross-account-notes.md b/lake-formation/latest/dg/cross-account-notes.md
index 262f724f5..6769a7792 100644
--- a//lake-formation/latest/dg/cross-account-notes.md
+++ b//lake-formation/latest/dg/cross-account-notes.md
@@ -32,0 +33,2 @@ See the example CLI command for granting permissions to `ALLIAMPrincipals` in [G
+  * When cross-account permissions are granted directly to a principal, only the recipient of the grant can view these permissions. The data lake administrator in the recipient's AWS account cannot view these direct grants.
+