AWS glue documentation change
Summary
Removed JSON policy example and modified resource ARN format in remaining policy snippet
Security assessment
The ARN format correction (from s3tables to s3) appears to fix documentation accuracy but doesn't address a security vulnerability. Policy removal doesn't indicate security remediation.
Diff
diff --git a/glue/latest/dg/zero-etl-target.md b/glue/latest/dg/zero-etl-target.md index eb96e1216..037f253b4 100644 --- a//glue/latest/dg/zero-etl-target.md +++ b//glue/latest/dg/zero-etl-target.md @@ -85,54 +84,0 @@ For cross-account scenario, both source principal as well as target AWS Glue Cat -JSON - - -**** - - - - { - "Version": "2012-10-17", - "Statement": [ - { - // Optional for same account but mandatory for cross account scenarios - // Allow Alice to create Integration on Target Catalog - "Principal": { - "AWS": [ - "arn:aws:iam::<source-account-id>:user/Alice" - ] - }, - "Effect": "Allow", - "Action": [ - "glue:CreateInboundIntegration" - ], - "Resource": [ - "arn:aws:glue:<region>:<Target-Account-Id>:catalog/<s3tablescatalog>/*" - ], - "Condition": { - "StringLike": { - "aws:SourceArn": "arn:aws:dynamodb:<region>:<Account>:table/<table-name>" - } - } - }, - { // Required: Allow Glue to Authorize the Inbound Integration on behalf of Bob - "Principal": { - "Service": [ - "glue.amazonaws.com" - ] - }, - "Effect": "Allow", - "Action": [ - "glue:AuthorizeInboundIntegration" - ], - "Resource": [ - "arn:aws:glue:<region>:<Target-Account-Id>:catalog/<s3tablescatalog>/*" - ], - "Condition": { - "StringEquals": { - "aws:SourceArn": "arn:aws:dynamodb:<region>:<account-id>:table/<table-name>" - } - } - } - ] - } - - @@ -176 +122 @@ JSON - "Resource": "arn:aws:s3tables:us-east-1:012345678901:bucket/*", + "Resource": "arn:aws:s3tables:us-east-1:111122223333:bucket/*",