AWS Security ChangesHomeSearch

AWS glue medium security documentation change

Service: glue · 2025-10-22 · Security-related medium

File: glue/latest/dg/aws-glue-api-jobs-security.md

Summary

Updated CatalogEncryptionServiceRole regex pattern reference from #52 to #53

Security assessment

Corrects validation for IAM roles used in encryption configuration. Previous pattern #52 matched root ARNs (potentially overprivileged), while #53 now properly validates IAM role ARNs. This prevents misconfiguration risks in KMS key usage.

Diff

diff --git a/glue/latest/dg/aws-glue-api-jobs-security.md b/glue/latest/dg/aws-glue-api-jobs-security.md
index 8bf142cd5..ce45270ed 100644
--- a//glue/latest/dg/aws-glue-api-jobs-security.md
+++ b//glue/latest/dg/aws-glue-api-jobs-security.md
@@ -67 +67 @@ The ID of the AWS KMS key to use for encryption at rest.
-  * `CatalogEncryptionServiceRole` – UTF-8 string, matching the [Custom string pattern #52](./aws-glue-api-common.html#regex_52).
+  * `CatalogEncryptionServiceRole` – UTF-8 string, matching the [Custom string pattern #53](./aws-glue-api-common.html#regex_53).