AWS lake-formation documentation change
Summary
Added CLI examples for updating Redshift Connect authorization in existing Identity Center configurations
Security assessment
Provides instructions for modifying authorization settings, which relates to access control security features. No indication of patching a security flaw.
Diff
diff --git a/lake-formation/latest/dg/update-lf-identity-center-connection.md b/lake-formation/latest/dg/update-lf-identity-center-connection.md index 74e50f276..b0ed55ff3 100644 --- a//lake-formation/latest/dg/update-lf-identity-center-connection.md +++ b//lake-formation/latest/dg/update-lf-identity-center-connection.md @@ -29,0 +30,2 @@ AWS Management Console + 7. (Optioanlly) On the **IAM Identity Center integration** page you can either enabled trusted identity propagation for Amazon Redshift connect or disable it. Lake Formation propagates identity to downstream based on the effective permissions, so that authorized applications can access data on behalf of users. + @@ -44,0 +47,12 @@ You can add or remove third-party applications for the IAM Identity Center integ +If you have an existing LF IDC application, but wish to add the `Redshift:Connect` authorization, you can use the following to update your Lake Formation IDC Application. Authorization can be ENABLED or DISABLED. + + + aws lakeformation update-lake-formation-identity-center-configuration \ + --service-integrations '[{ + "Redshift": [{ + "RedshiftConnect": { + "Authorization": "ENABLED" + } + }] + }]' +