AWS glue documentation change
Summary
Added required IAM permissions for VPC configuration connections in custom roles
Security assessment
Documents least-privilege permissions for secure VPC access. Enhances security documentation but doesn't fix a specific vulnerability.
Diff
diff --git a/glue/latest/dg/security-iam-awsmanpol.md b/glue/latest/dg/security-iam-awsmanpol.md index e62d5b03d..b0973ef30 100644 --- a//glue/latest/dg/security-iam-awsmanpol.md +++ b//glue/latest/dg/security-iam-awsmanpol.md @@ -69,0 +70,19 @@ You can also create your own custom IAM policies to allow permissions for AWS Gl +To create a connection with VPC configuration while using a custom IAM role, it must have the following VPC access actions: + + * secretsmanager:GetSecretValue + + * secretsmanager:PutSecretValue + + * secretsmanager:DescribeSecret + + * ec2:CreateNetworkInterface + + * ec2:DeleteNetworkInterface + + * ec2:DescribeNetworkInterfaces + + * ec2:DescribeSubnets + + + +