AWS Security ChangesHomeSearch

AWS glue documentation change

Service: glue · 2025-05-16 · Documentation low

File: glue/latest/dg/aws-glue-programming-etl-format-iceberg.md

Summary

Added documentation for configuring Spark properties to enable Iceberg cross-region table access using multi-region access points and ARNs.

Security assessment

The change introduces guidance for secure cross-region access via AWS Lake Formation and S3 access points, which improves access control but does not address a specific security vulnerability. It documents security best practices for multi-region architecture.

Diff

diff --git a/glue/latest/dg/aws-glue-programming-etl-format-iceberg.md b/glue/latest/dg/aws-glue-programming-etl-format-iceberg.md
index ffb28e278..aeb45c206 100644
--- a//glue/latest/dg/aws-glue-programming-etl-format-iceberg.md
+++ b//glue/latest/dg/aws-glue-programming-etl-format-iceberg.md
@@ -65,0 +66,17 @@ To enable server-side encryption on Iceberg tables, review the guidance from the
+**Add Spark configuration for Iceberg cross region**
+
+To add additional spark configuration for Iceberg cross-region table access with the AWS Glue Data Catalog and AWS Lake Formation, follow the steps below:
+
+  1. Create a [Multi-region access point](https://docs.aws.amazon.com/AmazonS3/latest/userguide/multi-region-access-point-create-examples.html).
+
+  2. Set the following Spark properties:
+    
+        -----
+        --conf spark.sql.catalog.my_catalog.s3.use-arn-region-enabled=true \
+        --conf spark.sql.catalog.{CATALOG}.s3.access-points.bucket1", "arn:aws:s3::<account-id>:accesspoint/<mrap-id>.mrap \
+        --conf spark.sql.catalog.{CATALOG}.s3.access-points.bucket2", "arn:aws:s3::<account-id>:accesspoint/<mrap-id>.mrap
+    -----
+
+
+
+