AWS athena documentation change
Summary
Removed detailed JSON policy example for cross-account AWS Glue Data Catalog sharing
Security assessment
The change removes a specific IAM policy example but does not indicate a security vulnerability fix. While cross-account access policies are security-sensitive, the removal of an example does not directly address a security issue or add new security documentation.
Diff
diff --git a/athena/latest/ug/lf-athena-limitations-cross-account.md b/athena/latest/ug/lf-athena-limitations-cross-account.md index b15884e52..cd4f0f953 100644 --- a//athena/latest/ug/lf-athena-limitations-cross-account.md +++ b//athena/latest/ug/lf-athena-limitations-cross-account.md @@ -15,39 +15 @@ You can use Athena's cross-account AWS Glue catalog feature to register the cata -If the Data Catalog to be shared has a resource policy configured in AWS Glue, it must be updated to allow access to the AWS Resource Access Manager and grant permissions to Account B to use Account A's Data Catalog, as in the following example. - -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "ram.amazonaws.com" - }, - "Action": "glue:ShareResource", - "Resource": [ - "arn:aws:glue:us-east-1:111122223333:table/*/*", - "arn:aws:glue:us-east-1:111122223333:database/*", - "arn:aws:glue:us-east-1:111122223333:catalog" - ] - }, - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::444455556666:root" - }, - "Action": "glue:*", - "Resource": [ - "arn:aws:glue:us-east-1:111122223333:table/*/*", - "arn:aws:glue:us-east-1:111122223333:database/*", - "arn:aws:glue:us-east-1:111122223333:catalog" - ] - } - ] - } - +If the Data Catalog to be shared has a resource policy configured in AWS Glue, it must be updated to allow access to the AWS Resource Access Manager and grant permissions to Account B to use Account A's Data Catalog.