AWS lake-formation documentation change
Summary
Added JSON section markers, updated KMS policy SIDs, and standardized account IDs (111122223333) in resource ARNs
Security assessment
Changes improve policy example clarity and consistency but do not directly address security vulnerabilities. Updated KMS policies ensure accurate examples but do not introduce new security controls.
Diff
diff --git a/lake-formation/latest/dg/redshift-ns-prereqs.md b/lake-formation/latest/dg/redshift-ns-prereqs.md index def38c70e..3393f5810 100644 --- a//lake-formation/latest/dg/redshift-ns-prereqs.md +++ b//lake-formation/latest/dg/redshift-ns-prereqs.md @@ -14,0 +15,6 @@ In addition to data lake administrator permissions, the data lake administrator +JSON + + +**** + + @@ -18,2 +24 @@ In addition to data lake administrator permissions, the data lake administrator - "Statement": [ - { + "Statement": [{ @@ -42,4 +47 @@ In addition to data lake administrator permissions, the data lake administrator - } - ] - } - + }, @@ -59,0 +62,3 @@ In addition to data lake administrator permissions, the data lake administrator + ] + } + @@ -118,0 +124,6 @@ When you enable data lake access for Apache Iceberg compatible query engines suc +JSON + + +**** + + @@ -136,0 +149,6 @@ When you enable data lake access for Apache Iceberg compatible query engines suc +JSON + + +**** + + @@ -155,0 +175,6 @@ For more information about managing the permissions of a customer managed key, s +JSON + + +**** + + @@ -161 +186 @@ For more information about managing the permissions of a customer managed key, s - "Sid": "Allow access through RedShift for all principals in the account that are authorized to use RedShift", + "Sid": "AllowAccessThroughRedShift", @@ -177 +202 @@ For more information about managing the permissions of a customer managed key, s - "kms:CallerAccount": "123456789012", + "kms:CallerAccount": "111122223333", @@ -183 +208 @@ For more information about managing the permissions of a customer managed key, s - "Sid": "Allow access through RedShift-Serverless for all principals in the account that are authorized to use RedShift-Serverless", + "Sid": "AllowAccessThroughRedShiftServerless", @@ -199 +224 @@ For more information about managing the permissions of a customer managed key, s - "kms:CallerAccount": "123456789012", + "kms:CallerAccount": "111122223333", @@ -205 +230 @@ For more information about managing the permissions of a customer managed key, s - "Sid": "Allow direct access to key metadata to the account", + "Sid": "AllowDirectAccessToKeyMetadata", @@ -208 +233 @@ For more information about managing the permissions of a customer managed key, s - "AWS": "arn:aws:iam::123456789012:root" + "AWS": "arn:aws:iam::111122223333:root" @@ -219 +244 @@ For more information about managing the permissions of a customer managed key, s - "Sid": "Allow GenerateDataKey + Decrypt to the DataTransferRole via s3", + "Sid": "AllowGenerateDataKeyDecrypt", @@ -222 +247 @@ For more information about managing the permissions of a customer managed key, s - "AWS": "arn:aws:iam::123456789012 :role/data-transfer-role-name" + "AWS": "arn:aws:iam::111122223333 :role/data-transfer-role-name" @@ -228,2 +253 @@ For more information about managing the permissions of a customer managed key, s - "Resource": "*" - }, + "Resource": "*", @@ -234,0 +259,2 @@ For more information about managing the permissions of a customer managed key, s + } +