AWS lake-formation medium security documentation change
Summary
Added note about application assignment configuration behavior with IAM Identity Center API
Security assessment
Highlights potential security implications of manual application assignment management outside Lake Formation workflows, which could lead to access control inconsistencies if not properly managed.
Diff
diff --git a/lake-formation/latest/dg/identity-center-lf-notes.md b/lake-formation/latest/dg/identity-center-lf-notes.md index 5d681564f..24fae3e4d 100644 --- a//lake-formation/latest/dg/identity-center-lf-notes.md +++ b//lake-formation/latest/dg/identity-center-lf-notes.md @@ -18,0 +19,2 @@ IAM Identity Center users and groups can query encrypted Data Catalog resources + * When using Lake Formation with IAM Identity Center, the application assignment configuration is set to `false` by default. If you modify this configuration directly through the [IAM Identity Center API](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_PutApplicationAssignmentConfiguration.html), you must then manage all application assignments manually using the API. Lake Formation does not automatically synchronize or manage assignment changes made outside of its standard workflows, which may impact access patterns and authorization flows within your data lake environment. +