AWS dms documentation change
Summary
Removed comprehensive IAM policy example for S3 validation involving Athena, Glue, and S3 permissions
Security assessment
Removal of detailed validation policy impacts security configuration guidance but doesn't demonstrate remediation of a specific vulnerability. Validation setup is security-adjacent but change is documentation maintenance.
Diff
diff --git a/dms/latest/userguide/CHAP_Validating_S3.md b/dms/latest/userguide/CHAP_Validating_S3.md index 551b745fd..f17752ae9 100644 --- a//dms/latest/userguide/CHAP_Validating_S3.md +++ b//dms/latest/userguide/CHAP_Validating_S3.md @@ -58,56 +57,0 @@ To set up access for using S3 target validation, ensure that the role assigned t -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "athena:StartQueryExecution", - "athena:GetQueryExecution", - "athena:CreateWorkGroup" - ], - "Resource": "arn:aws:athena:<endpoint_region_code>:<account_id>:workgroup/dms_validation_workgroup_for_task_*" - }, - { - "Effect": "Allow", - "Action": [ - "glue:CreateDatabase", - "glue:DeleteDatabase", - "glue:GetDatabase", - "glue:GetTables", - "glue:CreateTable", - "glue:DeleteTable", - "glue:GetTable" - ], - "Resource": [ - "arn:aws:glue:<endpoint_region_code>:<account_id>:catalog", - "arn:aws:glue:<endpoint_region_code>:<account_id>:database/aws_dms_s3_validation_*", - "arn:aws:glue:<endpoint_region_code>:<account_id>:table/aws_dms_s3_validation_*/*", - "arn:aws:glue:<endpoint_region_code>:<account_id>:userDefinedFunction/aws_dms_s3_validation_*/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucketMultipartUploads", - "s3:AbortMultipartUpload", - "s3:ListMultipartUploadParts" - ], - "Resource": [ - "arn:aws:s3:::<bucket_name>", - "arn:aws:s3:::<bucket_name>/*" - ] - } - ] - } - -