AWS Security ChangesHomeSearch

AWS clean-rooms medium security documentation change

Service: clean-rooms · 2025-05-31 · Security-related medium

File: clean-rooms/latest/userguide/associate-configured-table.md

Summary

Added requirement for service role to have IAM and Lake Formation permissions when associating Athena-backed tables

Security assessment

Explicitly specifying required permissions (IAM + Lake Formation) helps prevent misconfiguration that could lead to unauthorized data access. Lake Formation permissions are critical for fine-grained access control in data lake environments.

Diff

diff --git a/clean-rooms/latest/userguide/associate-configured-table.md b/clean-rooms/latest/userguide/associate-configured-table.md
index 0412d9f67..4a91281f5 100644
--- a//clean-rooms/latest/userguide/associate-configured-table.md
+++ b//clean-rooms/latest/userguide/associate-configured-table.md
@@ -81 +81 @@ The description helps with writing queries.
-If you are associating an Amazon Athena table (GDC View), choose an **Existing service role name** from the dropdown list.
+If you are associating a configured table backed by Amazon Athena, choose an **Existing service role name** from the dropdown list. Ensure the service role has IAM and, if needed, Lake Formation permissions to the dataset. 
@@ -144 +144 @@ The description helps with writing queries.
-If you are associating an Amazon Athena table (GDC View), choose an **Existing service role name** from the dropdown list.
+If you are associating a configured table backed by Amazon Athena, choose an **Existing service role name** from the dropdown list. Ensure the service role has IAM and, if needed, Lake Formation permissions to the dataset.