AWS athena medium security documentation change
Summary
Added documentation about configuring TPC-DS connector using Glue connections with requirements for AWS Secrets Manager and connection schema constraints
Security assessment
The change mandates use of AWS Secrets Manager for credentials storage and enforces ConnectionSchemaVersion 2, which are security-related configurations. The explicit requirement to use Secrets Manager (a security service) rather than storing credentials in plaintext provides concrete evidence of security documentation improvements.
Diff
diff --git a/athena/latest/ug/connectors-tpcds.md b/athena/latest/ug/connectors-tpcds.md index 72f3f6cf3..6b6dfd37d 100644 --- a//athena/latest/ug/connectors-tpcds.md +++ b//athena/latest/ug/connectors-tpcds.md @@ -29,0 +30,27 @@ The parameter names and definitions listed below are for Athena data source conn +We recommend that you configure a TPC-DS connector by using a Glue connections object. To do this, set the `glue_connection` environment variable of the TPC-DS connector Lambda to the name of the Glue connection to use. + +**Glue connections properties** + +Use the following command to get the schema for a Glue connection object. This schema contains all the parameters that you can use to control your connection. + + + aws glue describe-connection-type --connection-type TPCDS + +**Lambda environment properties** + + * glue_connection – Specifies the name of the Glue connection associated with the federated connector. + + + + +###### Note + + * All connectors that use Glue connections must use AWS Secrets Manager to store credentials. + + * The TPC-DS connector created using Glue connections does not support the use of a multiplexing handler. + + * The TPC-DS connector created using Glue connections only supports `ConnectionSchemaVersion` 2. + + + +