AWS cli medium security documentation change
Summary
Added --audit-context and --query-session-context parameters with documentation for Lake Formation audit tracking and query authorization
Security assessment
Added parameters specifically related to audit logging (AdditionalAuditContext, RequestedColumns) and query authorization (QueryAuthorizationId), which are security controls for tracking data access and verifying query authenticity. The audit context constraints and authorization identifiers directly relate to security monitoring and access control.
Diff
diff --git a/cli/latest/reference/glue/batch-get-partition.md b/cli/latest/reference/glue/batch-get-partition.md index 5b66d2ffa..94d32632d 100644 --- a//cli/latest/reference/glue/batch-get-partition.md +++ b//cli/latest/reference/glue/batch-get-partition.md @@ -15 +15 @@ - * [AWS CLI 2.34.8 Command Reference](../../index.html) » + * [AWS CLI 2.34.9 Command Reference](../../index.html) » @@ -70,0 +71,2 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/glue-2 + [--audit-context <value>] + [--query-session-context <value>] @@ -176,0 +179,126 @@ JSON Syntax: +`--audit-context` (structure) + +> A structure containing the Lake Formation audit context. +> +> AdditionalAuditContext -> (string) +> +>> A string containing the additional audit context information. +>> +>> Constraints: +>> +>> * min: `0` +>> * max: `2048` +>> + +> +> RequestedColumns -> (list) +> +>> The requested columns for audit. +>> +>> (string) +>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1024` +>>> * pattern: `[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*` +>>> + +> +> AllColumnsRequested -> (boolean) +> +>> All columns request for audit. + +Shorthand Syntax: + + + AdditionalAuditContext=string,RequestedColumns=string,string,AllColumnsRequested=boolean + + +JSON Syntax: + + + { + "AdditionalAuditContext": "string", + "RequestedColumns": ["string", ...], + "AllColumnsRequested": true|false + } + + +`--query-session-context` (structure) + +> A structure used as a protocol between query engines and Lake Formation or Glue. Contains both a Lake Formation generated authorization identifier and information from the request’s authorization context. +> +> QueryId -> (string) +> +>> A unique identifier generated by the query engine for the query. +>> +>> Constraints: +>> +>> * min: `1` +>> * max: `255` +>> * pattern: `[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*` +>> + +> +> QueryStartTime -> (timestamp) +> +>> A timestamp provided by the query engine for when the query started. +> +> ClusterId -> (string) +> +>> An identifier string for the consumer cluster. +> +> QueryAuthorizationId -> (string) +> +>> A cryptographically generated query identifier generated by Glue or Lake Formation. +>> +>> Constraints: +>> +>> * min: `1` +>> * max: `255` +>> * pattern: `[\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*` +>> + +> +> AdditionalContext -> (map) +> +>> An opaque string-string map passed by the query engine. +>> +>> key -> (string) +>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `128` +>>> + +>> +>> value -> (string) +>> +>>> Constraints: +>>> +>>> * min: `0` +>>> * max: `256` +>>> + + +Shorthand Syntax: + + + QueryId=string,QueryStartTime=timestamp,ClusterId=string,QueryAuthorizationId=string,AdditionalContext={KeyName1=string,KeyName2=string} + + +JSON Syntax: + + + { + "QueryId": "string", + "QueryStartTime": timestamp, + "ClusterId": "string", + "QueryAuthorizationId": "string", + "AdditionalContext": {"string": "string" + ...} + } + + @@ -765 +893 @@ UnprocessedKeys -> (list) - * [AWS CLI 2.34.8 Command Reference](../../index.html) » + * [AWS CLI 2.34.9 Command Reference](../../index.html) »