AWS glue medium security documentation change
Summary
Added JSON formatting markers and documentation about required IAM permissions for catalog-level table optimizations
Security assessment
Added explicit requirement for glue:UpdateCatalog or Lake Formation ALTER CATALOG permissions to enable catalog-level optimizations. This change documents necessary security controls for modifying catalog properties, preventing unauthorized changes.
Diff
diff --git a/glue/latest/dg/optimization-prerequisites.md b/glue/latest/dg/optimization-prerequisites.md index 9d1e72001..de0d0e946 100644 --- a//glue/latest/dg/optimization-prerequisites.md +++ b//glue/latest/dg/optimization-prerequisites.md @@ -18,0 +19,6 @@ In the following inline policies, replace `bucket-name` with your Amazon S3 buck +JSON + + +**** + + @@ -64,0 +71 @@ In the following inline policies, replace `bucket-name` with your Amazon S3 buck + ] @@ -74,0 +83,6 @@ For more information on registering an Amazon S3 bucket with Lake Formation, see +JSON + + +**** + + @@ -108,0 +122 @@ For more information on registering an Amazon S3 bucket with Lake Formation, see + ] @@ -201,0 +216,2 @@ JSON + * (Optional) To update the Data Catalog settings to enable catalog-level table optimizations, the IAM role used must have the `glue:UpdateCatalog` permission or AWS Lake Formation `ALTER CATALOG` permission on the root catalog. You can use `GetCatalog` API to verify the catalog properties. + @@ -213 +229 @@ Optimizing Iceberg tables -Compaction optimization +Catalog-level table optimizers