AWS glue documentation change
Summary
Removed detailed IAM policy example for Glue Studio permissions
Security assessment
Policy example removal appears to be documentation reorganization rather than addressing security issues. No security context or vulnerability mitigation is mentioned in the change.
Diff
diff --git a/glue/latest/dg/getting-started-min-privs.md b/glue/latest/dg/getting-started-min-privs.md index 59a468aba..8c0956615 100644 --- a//glue/latest/dg/getting-started-min-privs.md +++ b//glue/latest/dg/getting-started-min-privs.md @@ -174,73 +173,0 @@ In the example, the additional listed action policies (for example, `glue:Search -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor0", - "Effect": "Allow", - "Action": [ - "glue:UseGlueStudio", - "iam:ListRoles", - "iam:ListUsers", - "iam:ListGroups", - "iam:ListRolePolicies", - "iam:GetRole", - "iam:GetRolePolicy", - "glue:SearchTables", - "glue:GetConnections", - "glue:GetJobs", - "glue:GetTables", - "glue:BatchStopJobRun", - "glue:GetSecurityConfigurations", - "glue:DeleteJob", - "glue:GetDatabases", - "glue:CreateConnection", - "glue:GetSchema", - "glue:GetTable", - "glue:GetMapping", - "glue:CreateJob", - "glue:DeleteConnection", - "glue:CreateScript", - "glue:UpdateConnection", - "glue:GetConnection", - "glue:StartJobRun", - "glue:GetJobRun", - "glue:UpdateJob", - "glue:GetPlan", - "glue:GetJobRuns", - "glue:GetTags", - "glue:GetJob", - "glue:QueryJobRuns", - "glue:QueryJobs", - "glue:QueryJobRunsAggregated", - "glue:SendRecipeAction", - "glue:GetRecipeAction" - ], - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*", - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "glue.amazonaws.com" - ] - } - } - } - ] - } - - - -