AWS glue documentation change
Summary
Removed specific references to AWS Management Console, CLI, and API from default permissions explanation. Simplified policy assignment flow by omitting details about adding policies to roles for user assumption.
Security assessment
The change simplifies existing security documentation about IAM policies but does not introduce new security controls or address specific vulnerabilities. Removal of console/CLI/API references appears to be editorial rather than security-related.
Diff
diff --git a/glue/latest/dg/security_iam_id-based-policy-examples.md b/glue/latest/dg/security_iam_id-based-policy-examples.md index a596bd7fa..207c17bbc 100644 --- a//glue/latest/dg/security_iam_id-based-policy-examples.md +++ b//glue/latest/dg/security_iam_id-based-policy-examples.md @@ -9 +9 @@ Policy best practicesResource-level authorization limitationsUsing the consoleAl -By default, users and roles don't have permission to create or modify AWS Glue resources. They also can't perform tasks by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS API. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies. The administrator can then add the IAM policies to roles, and users can assume the roles. +By default, users and roles don't have permission to create or modify AWS Glue resources. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies.