AWS Security ChangesHomeSearch

AWS glue medium security documentation change

Service: glue · 2025-08-10 · Security-related medium

File: glue/latest/dg/optimization-prerequisites.md

Summary

Added JSON formatting markers and documentation about required IAM permissions for catalog-level table optimizations

Security assessment

Added explicit requirement for glue:UpdateCatalog or Lake Formation ALTER CATALOG permissions to enable catalog-level optimizations. This change documents necessary security controls for modifying catalog properties, preventing unauthorized changes.

Diff

diff --git a/glue/latest/dg/optimization-prerequisites.md b/glue/latest/dg/optimization-prerequisites.md
index 9d1e72001..de0d0e946 100644
--- a//glue/latest/dg/optimization-prerequisites.md
+++ b//glue/latest/dg/optimization-prerequisites.md
@@ -18,0 +19,6 @@ In the following inline policies, replace `bucket-name` with your Amazon S3 buck
+JSON
+    
+
+****
+    
+    
@@ -64,0 +71 @@ In the following inline policies, replace `bucket-name` with your Amazon S3 buck
+                ]
@@ -74,0 +83,6 @@ For more information on registering an Amazon S3 bucket with Lake Formation, see
+JSON
+    
+
+****
+    
+    
@@ -108,0 +122 @@ For more information on registering an Amazon S3 bucket with Lake Formation, see
+                ]
@@ -201,0 +216,2 @@ JSON
+  * (Optional) To update the Data Catalog settings to enable catalog-level table optimizations, the IAM role used must have the `glue:UpdateCatalog` permission or AWS Lake Formation `ALTER CATALOG` permission on the root catalog. You can use `GetCatalog` API to verify the catalog properties. 
+
@@ -213 +229 @@ Optimizing Iceberg tables
-Compaction optimization 
+Catalog-level table optimizers