AWS next-generation-sagemaker documentation change
Summary
Updated example AWS account IDs and regions in DynamoDB resource-based policy documentation
Security assessment
The changes correct example IAM policy placeholders with specific values, improving clarity for configuring secure access to DynamoDB. This enhances security documentation but doesn't address a specific vulnerability.
Diff
diff --git a/next-generation-sagemaker/latest/userguide/lakehouse-athena-federated-queries.md b/next-generation-sagemaker/latest/userguide/lakehouse-athena-federated-queries.md index 008f6c0a2..ea9c6ff79 100644 --- a//next-generation-sagemaker/latest/userguide/lakehouse-athena-federated-queries.md +++ b//next-generation-sagemaker/latest/userguide/lakehouse-athena-federated-queries.md @@ -163 +163 @@ For more information about setting up a DynamoDB data source by using AWS CloudS - * To allow the appropriate actions for the SageMaker Unified Studio projects to take on your DynamoDB data source, add a resource-based policy to your DynamoDB data source. Attach the following policy for the table `customer_ddb`: + * To allow the appropriate actions for the SageMaker Unified Studio projects to take on your DynamoDB data source, add a resource-based policy to your DynamoDB data source. Attach the following policy for the table `customer_ddb`. @@ -172,2 +172,2 @@ For more information about setting up a DynamoDB data source by using AWS CloudS - "arn:aws:iam::AWS_account_ID:role/datazone_usr_role_xxxxxxxxxxxxxx_yyyyyyyyyyyyyy", - "arn:aws:iam::AWS_account_ID:role/datazone_usr_role_zzzzzzzzzzzzzz_aaaaaaaaaaaaaa" + "arn:aws:iam::111122223333:role/datazone_usr_role_xxxxxxxxxxxxxx_yyyyyyyyyyyyyy", + "arn:aws:iam::111122223333:role/datazone_usr_role_zzzzzzzzzzzzzz_aaaaaaaaaaaaaa" @@ -183 +183 @@ For more information about setting up a DynamoDB data source by using AWS CloudS - "Resource": "arn:aws:dynamodb:AWS_Region:AWS_account_ID:table/customer_ddb" + "Resource": "arn:aws:dynamodb:us-west-2:111122223333:table/customer_ddb" @@ -189 +189 @@ For more information about setting up a DynamoDB data source by using AWS CloudS -This example policy allows connecting to DynamoDB tables as a federated source. Replace `AWS_Region` with your AWS Region, `AWS_account_ID` with the AWS account ID where DynamoDB is deployed, `customer_ddb` with the DynamoDB table that you intend to query from SageMaker Unified Studio, `datazone_usr_role_xxxxxxxxxxxxxx_yyyyyyyyyyyyyy` with the admin project role, and `datazone_usr_role_zzzzzzzzzzzzzz_aaaaaaaaaaaaaa` with the data analyst project role in SageMaker Unified Studio. For more information about how to attach a policy to a DynamoDB data source, see [Attach a policy to a DynamoDB existing table](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-attach-resource-based-policy.html) in the _Amazon DynamoDB Developer Guide_. +This example policy allows connecting to DynamoDB tables as a federated source. Replace `us-west-2` with your AWS Region, `111122223333` with the AWS account ID where DynamoDB is deployed, `customer_ddb` with the DynamoDB table that you intend to query from SageMaker Unified Studio, `datazone_usr_role_xxxxxxxxxxxxxx_yyyyyyyyyyyyyy` with the admin project role, and `datazone_usr_role_zzzzzzzzzzzzzz_aaaaaaaaaaaaaa` with the data analyst project role in SageMaker Unified Studio. For more information about how to attach a policy to a DynamoDB data source, see [Attach a policy to a DynamoDB existing table](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/rbac-attach-resource-based-policy.html) in the _Amazon DynamoDB Developer Guide_.