AWS Security ChangesHomeSearch

AWS lake-formation documentation change

Service: lake-formation · 2025-08-16 · Documentation low

File: lake-formation/latest/dg/tag-based-access-control.md

Summary

Updated LF-TBAC documentation with expanded use cases and federated catalog support

Security assessment

Enhances documentation about security control mechanism (LF-TBAC) by clarifying supported resources and scalability benefits. Improves security feature understanding but doesn't address vulnerabilities.

Diff

diff --git a/lake-formation/latest/dg/tag-based-access-control.md b/lake-formation/latest/dg/tag-based-access-control.md
index 62f367571..3bbfb62cd 100644
--- a//lake-formation/latest/dg/tag-based-access-control.md
+++ b//lake-formation/latest/dg/tag-based-access-control.md
@@ -9 +9 @@ How Lake Formation tag-based access control works
-Lake Formation tag-based access control (LF-TBAC) is an authorization strategy that defines permissions based on attributes. In Lake Formation, these attributes are called _LF-Tags_. You can attach LF-Tags to Data Catalog resources, and grant permissions to Lake Formation principals on those resources using these LF-Tags. Lake Formation allows operations on those resources when the principal's tag value matches the resource tag value. LF-TBAC is helpful in environments that are growing rapidly and helps with situations where policy management becomes cumbersome. 
+Lake Formation tag-based access control (LF-TBAC) is an authorization strategy that defines permissions based on attributes. In Lake Formation, these attributes are called _LF-Tags_. You can attach LF-Tags to Data Catalog resources, and grant permissions to Lake Formation principals on those resources using these LF-Tags. Lake Formation allows operations on those resources when the principal has granted access to a tag value that matches the resource tag value. 
@@ -11 +11,3 @@ Lake Formation tag-based access control (LF-TBAC) is an authorization strategy t
-LF-TBAC is the recommended method to use to grant Lake Formation permissions when there is a large number of Data Catalog resources. LF-TBAC is more scalable than the named resource method and requires less permission management overhead.
+LF-TBAC is helpful in environments that are growing rapidly and helps with situations where policy management becomes cumbersome. 
+
+LF-TBAC is the recommended method to use to grant Lake Formation permissions when there is a large number of Data Catalog objects including federated catalogs, databases, tables, and views. Lake Formation supports tag-based access control for federated catalogs of Amazon S3 tables, Amazon Redshift data warehouses, and federated data sources such as Amazon DynamoDB, SQL Server, and Snowflake.