AWS Security ChangesHomeSearch

AWS lake-formation documentation change

Service: lake-formation · 2025-08-16 · Documentation low

File: lake-formation/latest/dg/redshift-ns-prereqs.md

Summary

Added JSON section markers, updated KMS policy SIDs, and standardized account IDs (111122223333) in resource ARNs

Security assessment

Changes improve policy example clarity and consistency but do not directly address security vulnerabilities. Updated KMS policies ensure accurate examples but do not introduce new security controls.

Diff

diff --git a/lake-formation/latest/dg/redshift-ns-prereqs.md b/lake-formation/latest/dg/redshift-ns-prereqs.md
index def38c70e..3393f5810 100644
--- a//lake-formation/latest/dg/redshift-ns-prereqs.md
+++ b//lake-formation/latest/dg/redshift-ns-prereqs.md
@@ -14,0 +15,6 @@ In addition to data lake administrator permissions, the data lake administrator
+JSON
+    
+
+****
+    
+    
@@ -18,2 +24 @@ In addition to data lake administrator permissions, the data lake administrator
-        "Statement": [
-            {
+        "Statement": [{
@@ -42,4 +47 @@ In addition to data lake administrator permissions, the data lake administrator
-            }
-        ]
-    }
-    
+            },
@@ -59,0 +62,3 @@ In addition to data lake administrator permissions, the data lake administrator
+        ]
+    }
+    
@@ -118,0 +124,6 @@ When you enable data lake access for Apache Iceberg compatible query engines suc
+JSON
+    
+
+****
+    
+    
@@ -136,0 +149,6 @@ When you enable data lake access for Apache Iceberg compatible query engines suc
+JSON
+    
+
+****
+    
+    
@@ -155,0 +175,6 @@ For more information about managing the permissions of a customer managed key, s
+JSON
+    
+
+****
+    
+    
@@ -161 +186 @@ For more information about managing the permissions of a customer managed key, s
-                "Sid": "Allow access through RedShift for all principals in the account that are authorized to use RedShift",
+                "Sid": "AllowAccessThroughRedShift",
@@ -177 +202 @@ For more information about managing the permissions of a customer managed key, s
-                        "kms:CallerAccount": "123456789012",
+                        "kms:CallerAccount": "111122223333",
@@ -183 +208 @@ For more information about managing the permissions of a customer managed key, s
-            "Sid": "Allow access through RedShift-Serverless for all principals in the account that are authorized to use RedShift-Serverless",
+            "Sid": "AllowAccessThroughRedShiftServerless",
@@ -199 +224 @@ For more information about managing the permissions of a customer managed key, s
-                    "kms:CallerAccount": "123456789012",
+                    "kms:CallerAccount": "111122223333",
@@ -205 +230 @@ For more information about managing the permissions of a customer managed key, s
-                "Sid": "Allow direct access to key metadata to the account",
+                "Sid": "AllowDirectAccessToKeyMetadata",
@@ -208 +233 @@ For more information about managing the permissions of a customer managed key, s
-                    "AWS": "arn:aws:iam::123456789012:root"
+                    "AWS": "arn:aws:iam::111122223333:root"
@@ -219 +244 @@ For more information about managing the permissions of a customer managed key, s
-                "Sid": "Allow GenerateDataKey + Decrypt to the DataTransferRole via s3",
+                "Sid": "AllowGenerateDataKeyDecrypt",
@@ -222 +247 @@ For more information about managing the permissions of a customer managed key, s
-                    "AWS": "arn:aws:iam::123456789012 :role/data-transfer-role-name"
+                    "AWS": "arn:aws:iam::111122223333 :role/data-transfer-role-name"
@@ -228,2 +253 @@ For more information about managing the permissions of a customer managed key, s
-                "Resource": "*"
-            },
+                "Resource": "*",
@@ -234,0 +259,2 @@ For more information about managing the permissions of a customer managed key, s
+            }
+