AWS lake-formation documentation change
Summary
Updated catalog configuration instructions by removing 'OverwriteChildResourcePermissionsWithDefault' parameter from migration steps.
Security assessment
The change clarifies permission migration procedures but shows no evidence of addressing security vulnerabilities. The parameter removal appears to be a documentation refinement.
Diff
diff --git a/lake-formation/latest/dg/change-access-iam-to-lf.md b/lake-formation/latest/dg/change-access-iam-to-lf.md index 7471ec53f..9942896c4 100644 --- a//lake-formation/latest/dg/change-access-iam-to-lf.md +++ b//lake-formation/latest/dg/change-access-iam-to-lf.md @@ -38 +38 @@ If you have an existing role, ensure hybrid access is false. -Update the catalog with empty `CreateDatabaseDefaultPermissions` and `CreateTableDefaultPermissions` (set to `[]`) and set `OverwriteChildResourcePermissionsWithDefault` to `Accept`. This removes IAM-based access from all existing child resources and allows the catalog and its objects to be managed using Lake Formation grants. +Update the catalog with empty `CreateDatabaseDefaultPermissions` and `CreateTableDefaultPermissions` (set to `[]`). This ensures that databases and tables in the catalog are managed using Lake Formation grants instead of IAM-based default permissions. @@ -49 +48,0 @@ Update the catalog with empty `CreateDatabaseDefaultPermissions` and `CreateTabl - "OverwriteChildResourcePermissionsWithDefault": "Accept",