AWS AmazonS3 documentation change
Summary
Removed IAM policy example for Glue endpoint integration containing Glue catalog/database/table permissions and Lake Formation access
Security assessment
Policy removal eliminates example permissions configuration but doesn't fix an active security issue. No evidence of vulnerability remediation in the change.
Diff
diff --git a/AmazonS3/latest/userguide/s3-tables-integrating-glue-endpoint.md b/AmazonS3/latest/userguide/s3-tables-integrating-glue-endpoint.md index cb614c5a7..7bf7849af 100644 --- a//AmazonS3/latest/userguide/s3-tables-integrating-glue-endpoint.md +++ b//AmazonS3/latest/userguide/s3-tables-integrating-glue-endpoint.md @@ -36,40 +35,0 @@ To access tables through AWS Glue endpoints, you need to create an IAM role with -JSON - - -**** - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "glue:GetCatalog", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:GetTable", - "glue:GetTables", - "glue:CreateTable", - "glue:UpdateTable" - ], - "Resource": [ - "arn:aws:glue:aws-region:111122223333:catalog", - "arn:aws:glue:aws-region:111122223333:catalog/s3tablescatalog", - "arn:aws:glue:aws-region:111122223333:catalog/s3tablescatalog/amzn-s3-demo-table-bucket", - "arn:aws:glue:aws-region:111122223333:table/s3tablescatalog/amzn-s3-demo-table-bucket/<namespace>/*", - "arn:aws:glue:aws-region:111122223333:database/s3tablescatalog/amzn-s3-demo-table-bucket/<namespace>" - ] - }, - { - "Effect": "Allow", - "Action": [ - "lakeformation:GetDataAccess" - ], - "Resource": "*" - } - ] - } - -