AWS lake-formation medium security documentation change
Summary
Removed 'glue.amazonaws.com' from IAM role trust policy requirements
Security assessment
This tightens IAM trust relationships by removing Glue service principal, reducing potential attack surface. The change enforces least privilege by limiting which services can assume the role.
Diff
diff --git a/lake-formation/latest/dg/connect-data-source-prerequisites.md b/lake-formation/latest/dg/connect-data-source-prerequisites.md index 0653485e0..baa2f062f 100644 --- a//lake-formation/latest/dg/connect-data-source-prerequisites.md +++ b//lake-formation/latest/dg/connect-data-source-prerequisites.md @@ -67,2 +67 @@ The role must have `Select` or `Describe` permissions on the Amazon S3 bucket an - "lakeformation.amazonaws.com", - "glue.amazonaws.com" + "lakeformation.amazonaws.com"