AWS lake-formation documentation change
Summary
Added AWS CLI example for granting permissions on an S3 table, including parameters and command structure
Security assessment
The change documents how to configure granular permissions (SELECT, INSERT, etc.) using Lake Formation's access controls. While this relates to security features, there is no evidence of addressing a specific vulnerability.
Diff
diff --git a/lake-formation/latest/dg/s3-tables-grant-permissions.md b/lake-formation/latest/dg/s3-tables-grant-permissions.md index fe2b16c48..dfb886b6f 100644 --- a//lake-formation/latest/dg/s3-tables-grant-permissions.md +++ b//lake-formation/latest/dg/s3-tables-grant-permissions.md @@ -4,0 +5,2 @@ +AWS CLI example for granting permissions on an Amazon S3 Table + @@ -18,0 +21,37 @@ For detailed instructions about granting permissions, see the [Managing Lake For +## AWS CLI example for granting permissions on an Amazon S3 Table + + + aws lakeformation grant-permissions \ + --cli-input-json \ + '{ + "Principal": { + "DataLakePrincipalIdentifier":"arn:aws:iam::111122223333:role/DataAnalystRole" + }, + "Resource": { + "Table": { + "CatalogId":"111122223333:s3tablescatalog/amzn-s3-demo-bucket1", + "DatabaseName":"S3 table bucket namespace <example_namespace>", + "Name":"S3 table bucket table name <example_table>" + } + }, + "Permissions": [ + "SELECT" + ] + }' + + +The following are the parameters to include in the command: + + * DataLakePrincipalIdentifier – IAM user, role, or group ARN to grant permissions + + * CatalogId – 12-digit AWS account ID that owns the Data Catalog + + * DatabaseName – Name of the Amazon S3 table bucket name space + + * Name – Amazon S3 table bucket table name + + * Permissions – Permissions to grant. Options include: SELECT, INSERT, DELETE, DESCRIBE, ALTER, DROP, ALLL, and SUPER + + + +