AWS redshift documentation change
Summary
Added support for `GetClusterCredentialsWithIAM` permission alongside existing `GetClusterCredentials` in access requirements
Security assessment
The change documents an additional IAM permission method (`GetClusterCredentialsWithIAM`) for credential management, which relates to security features but does not indicate a specific security vulnerability being addressed. This expands security documentation without evidence of patching an exploit.
Diff
diff --git a/redshift/latest/mgmt/query-editor-v2-getting-started.md b/redshift/latest/mgmt/query-editor-v2-getting-started.md index 55382093f..c1b8332c5 100644 --- a//redshift/latest/mgmt/query-editor-v2-getting-started.md +++ b//redshift/latest/mgmt/query-editor-v2-getting-started.md @@ -138 +138 @@ You can also create your own policy based on the permissions allowed and denied -For a principal (a user with an IAM role assigned) to connect to an Amazon Redshift cluster, they need the permissions in one of the query editor v2 managed policies. They also need the `redshift:GetClusterCredentials` permission to the cluster. To get this permission, someone with administrative permission can attach a policy to the IAM roles used to connect to the cluster by using temporary credentials. You can scope the policy to specific clusters or be more general. For more information about permission to use temporary credentials, see [Create an IAM role or user with permissions to call GetClusterCredentials](./generating-iam-credentials-steps.html#generating-iam-credentials-role-permissions). +For a principal (a user with an IAM role assigned) to connect to an Amazon Redshift cluster, they need the permissions in one of the query editor v2 managed policies. They also need one of the `redshift:GetClusterCredentialsWithIAM` or `redshift:GetClusterCredentials` permission to the cluster. To get this permission, someone with administrative permission can attach a policy to the IAM roles used to connect to the cluster by using temporary credentials. You can scope the policy to specific clusters or be more general. For more information about permission to use temporary credentials, see [Create an IAM role or user with permissions to call GetClusterCredentialsWithIAM or GetClusterCredentials](./generating-iam-credentials-steps.html#generating-iam-credentials-role-permissions).