AWS clean-rooms medium security documentation change
Summary
Added requirement for service role to have IAM and Lake Formation permissions when associating Athena-backed tables
Security assessment
Explicitly specifying required permissions (IAM + Lake Formation) helps prevent misconfiguration that could lead to unauthorized data access. Lake Formation permissions are critical for fine-grained access control in data lake environments.
Diff
diff --git a/clean-rooms/latest/userguide/associate-configured-table.md b/clean-rooms/latest/userguide/associate-configured-table.md index 0412d9f67..4a91281f5 100644 --- a//clean-rooms/latest/userguide/associate-configured-table.md +++ b//clean-rooms/latest/userguide/associate-configured-table.md @@ -81 +81 @@ The description helps with writing queries. -If you are associating an Amazon Athena table (GDC View), choose an **Existing service role name** from the dropdown list. +If you are associating a configured table backed by Amazon Athena, choose an **Existing service role name** from the dropdown list. Ensure the service role has IAM and, if needed, Lake Formation permissions to the dataset. @@ -144 +144 @@ The description helps with writing queries. -If you are associating an Amazon Athena table (GDC View), choose an **Existing service role name** from the dropdown list. +If you are associating a configured table backed by Amazon Athena, choose an **Existing service role name** from the dropdown list. Ensure the service role has IAM and, if needed, Lake Formation permissions to the dataset.