AWS athena documentation change
Summary
Reworded authentication plugin description to clarify OAuth 2.0 Authorization Code flow with PKCE usage.
Security assessment
Clarifies existing security mechanism without adding new features or addressing vulnerabilities. No security impact.
Diff
diff --git a/athena/latest/ug/odbc-v2-driver-sagemaker-idc.md b/athena/latest/ug/odbc-v2-driver-sagemaker-idc.md index d7c2ea3b3..d00802940 100644 --- a//athena/latest/ug/odbc-v2-driver-sagemaker-idc.md +++ b//athena/latest/ug/odbc-v2-driver-sagemaker-idc.md @@ -11 +11 @@ Authentication TypeSageMaker domain IDSageMaker project IDSageMaker domain regio -An authentication plugin that enables connecting to Amazon Athena through SageMaker Unified Studio using AWS Identity and Access Management Identity Center credentials. This plugin authenticates a workforce identity via the SSO OIDC Authorization Code flow with PKCE (browser-based), then exchanges the resulting SSO access token for temporary credentials scoped to the SageMaker domain and retrieves the Athena environment credentials for the project. +An authentication plugin that connects to Amazon Athena through SageMaker Unified Studio. It opens a browser for AWS Identity and Access Management Identity Center sign-in using the OAuth 2.0 Authorization Code flow with PKCE, then exchanges the resulting token for temporary credentials scoped to your SageMaker Unified Studio domain and Athena project environment.