AWS redshift documentation change
Summary
Removed example Deny policy for Glue catalog permissions
Security assessment
Deletion of policy example doesn't indicate security fix. No evidence of addressing an exploit or vulnerability.
Diff
diff --git a/redshift/latest/mgmt/using-service-linked-roles.md b/redshift/latest/mgmt/using-service-linked-roles.md index cd33afc3c..efd13310c 100644 --- a//redshift/latest/mgmt/using-service-linked-roles.md +++ b//redshift/latest/mgmt/using-service-linked-roles.md @@ -271,26 +270,0 @@ The `glue:GetCatalog` and `glue:GetCatalogs` permissions have the condition `glu -JSON - - -**** - - - - { - "Version" : "2012-10-17", - "Statement" : { - "Effect": "Deny", - "Action": [ - "glue:GetCatalog", - "glue:GetCatalogs" - ], - "Principal" : { - "AWS" : "arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift" - }, - "Resource": [ - "arn:aws:glue:*:*:catalog/<s3_table_catalog_name>", - "arn:aws:glue:*:*:catalog/<s3_table_catalog_name>/*" - ] - } - } - -