AWS lake-formation documentation change
Summary
Updated LF-TBAC documentation with expanded use cases and federated catalog support
Security assessment
Enhances documentation about security control mechanism (LF-TBAC) by clarifying supported resources and scalability benefits. Improves security feature understanding but doesn't address vulnerabilities.
Diff
diff --git a/lake-formation/latest/dg/tag-based-access-control.md b/lake-formation/latest/dg/tag-based-access-control.md index 62f367571..3bbfb62cd 100644 --- a//lake-formation/latest/dg/tag-based-access-control.md +++ b//lake-formation/latest/dg/tag-based-access-control.md @@ -9 +9 @@ How Lake Formation tag-based access control works -Lake Formation tag-based access control (LF-TBAC) is an authorization strategy that defines permissions based on attributes. In Lake Formation, these attributes are called _LF-Tags_. You can attach LF-Tags to Data Catalog resources, and grant permissions to Lake Formation principals on those resources using these LF-Tags. Lake Formation allows operations on those resources when the principal's tag value matches the resource tag value. LF-TBAC is helpful in environments that are growing rapidly and helps with situations where policy management becomes cumbersome. +Lake Formation tag-based access control (LF-TBAC) is an authorization strategy that defines permissions based on attributes. In Lake Formation, these attributes are called _LF-Tags_. You can attach LF-Tags to Data Catalog resources, and grant permissions to Lake Formation principals on those resources using these LF-Tags. Lake Formation allows operations on those resources when the principal has granted access to a tag value that matches the resource tag value. @@ -11 +11,3 @@ Lake Formation tag-based access control (LF-TBAC) is an authorization strategy t -LF-TBAC is the recommended method to use to grant Lake Formation permissions when there is a large number of Data Catalog resources. LF-TBAC is more scalable than the named resource method and requires less permission management overhead. +LF-TBAC is helpful in environments that are growing rapidly and helps with situations where policy management becomes cumbersome. + +LF-TBAC is the recommended method to use to grant Lake Formation permissions when there is a large number of Data Catalog objects including federated catalogs, databases, tables, and views. Lake Formation supports tag-based access control for federated catalogs of Amazon S3 tables, Amazon Redshift data warehouses, and federated data sources such as Amazon DynamoDB, SQL Server, and Snowflake.