AWS Security ChangesHomeSearch

AWS next-generation-sagemaker documentation change

Service: next-generation-sagemaker · 2025-08-16 · Documentation low

File: next-generation-sagemaker/latest/userguide/lakehouse-athena-federated-queries.md

Summary

Updated example AWS account IDs and regions in DynamoDB resource-based policy documentation

Security assessment

The changes correct example IAM policy placeholders with specific values, improving clarity for configuring secure access to DynamoDB. This enhances security documentation but doesn't address a specific vulnerability.

Diff

diff --git a/next-generation-sagemaker/latest/userguide/lakehouse-athena-federated-queries.md b/next-generation-sagemaker/latest/userguide/lakehouse-athena-federated-queries.md
index 008f6c0a2..ea9c6ff79 100644
--- a//next-generation-sagemaker/latest/userguide/lakehouse-athena-federated-queries.md
+++ b//next-generation-sagemaker/latest/userguide/lakehouse-athena-federated-queries.md
@@ -163 +163 @@ For more information about setting up a DynamoDB data source by using AWS CloudS
-      * To allow the appropriate actions for the SageMaker Unified Studio projects to take on your DynamoDB data source, add a resource-based policy to your DynamoDB data source. Attach the following policy for the table `customer_ddb`:
+      * To allow the appropriate actions for the SageMaker Unified Studio projects to take on your DynamoDB data source, add a resource-based policy to your DynamoDB data source. Attach the following policy for the table `customer_ddb`.
@@ -172,2 +172,2 @@ For more information about setting up a DynamoDB data source by using AWS CloudS
-                              "arn:aws:iam::AWS_account_ID:role/datazone_usr_role_xxxxxxxxxxxxxx_yyyyyyyyyyyyyy",
-                              "arn:aws:iam::AWS_account_ID:role/datazone_usr_role_zzzzzzzzzzzzzz_aaaaaaaaaaaaaa"
+                              "arn:aws:iam::111122223333:role/datazone_usr_role_xxxxxxxxxxxxxx_yyyyyyyyyyyyyy",
+                              "arn:aws:iam::111122223333:role/datazone_usr_role_zzzzzzzzzzzzzz_aaaaaaaaaaaaaa"
@@ -183 +183 @@ For more information about setting up a DynamoDB data source by using AWS CloudS
-                        "Resource": "arn:aws:dynamodb:AWS_Region:AWS_account_ID:table/customer_ddb"
+                        "Resource": "arn:aws:dynamodb:us-west-2:111122223333:table/customer_ddb"
@@ -189 +189 @@ For more information about setting up a DynamoDB data source by using AWS CloudS
-This example policy allows connecting to DynamoDB tables as a federated source. Replace `AWS_Region` with your AWS Region, `AWS_account_ID` with the AWS account ID where DynamoDB is deployed, `customer_ddb` with the DynamoDB table that you intend to query from SageMaker Unified Studio, `datazone_usr_role_xxxxxxxxxxxxxx_yyyyyyyyyyyyyy` with the admin project role, and `datazone_usr_role_zzzzzzzzzzzzzz_aaaaaaaaaaaaaa` with the data analyst project role in SageMaker Unified Studio. For more information about how to attach a policy to a DynamoDB data source, see [Attach a policy to a DynamoDB existing table](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-attach-resource-based-policy.html) in the _Amazon DynamoDB Developer Guide_.
+This example policy allows connecting to DynamoDB tables as a federated source. Replace `us-west-2` with your AWS Region, `111122223333` with the AWS account ID where DynamoDB is deployed, `customer_ddb` with the DynamoDB table that you intend to query from SageMaker Unified Studio, `datazone_usr_role_xxxxxxxxxxxxxx_yyyyyyyyyyyyyy` with the admin project role, and `datazone_usr_role_zzzzzzzzzzzzzz_aaaaaaaaaaaaaa` with the data analyst project role in SageMaker Unified Studio. For more information about how to attach a policy to a DynamoDB data source, see [Attach a policy to a DynamoDB existing table](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-attach-resource-based-policy.html) in the _Amazon DynamoDB Developer Guide_.