AWS guidance documentation change
Summary
Minor editorial fixes including typo corrections ('linline' to 'inline'), grammar improvements, and service name clarification ('Quick Suite' to 'Quick Sight')
Security assessment
The changes are purely editorial with no security implications. They fix typos, improve grammar, and clarify service names but don't address vulnerabilities, modify security configurations, or add new security guidance. The core security concepts (RLS implementation, access controls) remain unchanged.
Diff
diff --git a/guidance/latest/cloud-intelligence-dashboards/row-level-security.md b/guidance/latest/cloud-intelligence-dashboards/row-level-security.md index ab138c9c7..eb96c0be8 100644 --- a//guidance/latest/cloud-intelligence-dashboards/row-level-security.md +++ b//guidance/latest/cloud-intelligence-dashboards/row-level-security.md @@ -118 +118 @@ CID constructs an RLS dataset from several sources. - 1. **full_access_users** \- is a view or a table that contains a list of emails of users who are supposed to have a full unrestricted access to protected datasets. This view can be edited in Athena directly (https://docs.aws.amazon.com/athena/latest/ug/views-managing.html) as [linline table](https://prestodb.io/docs/current/sql/values.htm) or it can be replaced with the tables that comes from other sources (your identity management or a simple csv file on Amazon S3). We do not recommend using individual users for this and rather prioritize user management with groups, but it can be handy on the initial setup phase. Please make sure you put exactly the same email as you have in Quick Suite. + 1. **full_access_users** \- is a view or a table that contains a list of emails of users who are supposed to have a full unrestricted access to protected datasets. This view can be edited in Athena directly (https://docs.aws.amazon.com/athena/latest/ug/views-managing.html) as an [inline table](https://prestodb.io/docs/current/sql/values.htm) or it can be replaced with tables that come from other sources (your identity management or a simple csv file on Amazon S3). We do not recommend using individual users for this and rather prioritize user management with groups, but it can be handy on the initial setup phase. Please make sure you put exactly the same email as you have in Quick Suite. @@ -120 +120 @@ CID constructs an RLS dataset from several sources. - 2. **full_access_groups** \- is a view or a table that contains a list of Quick Suite Groups with users who will to have a full unrestricted access to protected datasets. This view can be edited in Athena directly (https://docs.aws.amazon.com/athena/latest/ug/views-managing.html) as [linline table](https://prestodb.io/docs/current/sql/values.htm) or it can be replaced with the tables that comes from other sources (your identity management or a simple csv file on Amazon S3). + 2. **full_access_groups** \- is a view or a table that contains a list of Quick Suite Groups with users who will to have a full unrestricted access to protected datasets. This view can be edited in Athena directly (https://docs.aws.amazon.com/athena/latest/ug/views-managing.html) as an [inline table](https://prestodb.io/docs/current/sql/values.htm) or it can be replaced with tables that come from other sources (your identity management or a simple csv file on Amazon S3). @@ -132 +132 @@ CID constructs an RLS dataset from several sources. - 4. **permission view** \- is a union of several sub tables based on **full_access_users** , **full_access_groups** and **account_access**. It results to a following fields: + 4. **permission view** \- is a union of several sub tables based on **full_access_users** , **full_access_groups** and **account_access**. It results in the following fields: @@ -151 +151 @@ CID constructs an RLS dataset from several sources. -###### In RLS dataset an empty string will result to the full access on the given field. +###### In RLS dataset an empty string will result in full access on the given field. @@ -155 +155 @@ CID constructs an RLS dataset from several sources. - * if only `payer_account_id` is provided but `account_id` is empty, the user or the group will have access to all account in the AWS Organization of the given payer Account + * if only `payer_account_id` is provided but `account_id` is empty, the user or the group will have access to all accounts in the AWS Organization of the given payer Account @@ -185 +185 @@ Choose one of the three options described above to define your RLS data source: -If you have already [CID Data Collection Stack](./data-collection.html) you can just check if Quick Suite (IncludeQuickSightModule parameter) and OrganizationData (IncludeOrgDataModule parameter) modules are activated, and continue to the next step. +If you already have the [CID Data Collection Stack](./data-collection.html) you can just check if Quick Sight (IncludeQuickSightModule parameter) and OrganizationData (IncludeOrgDataModule parameter) modules are activated, and continue to the next step.