AWS emr documentation change
Summary
Added 'deletecollection' verb permissions for various resources
Security assessment
While the change involves permissions, it appears to be a functional enhancement rather than addressing a specific security vulnerability
Diff
diff --git a/emr/latest/EMR-on-EKS-DevelopmentGuide/permissions-for-pvc.md index edf348e35..5bb7c80f7 100644 --- a/emr/latest/EMR-on-EKS-DevelopmentGuide/permissions-for-pvc.md +++ b/emr/latest/EMR-on-EKS-DevelopmentGuide/permissions-for-pvc.md @@ -138 +138 @@ If the permissions aren’t there, proceed with the patch, as follows. - "verbs": ["list", "create", "delete", "patch"] + "verbs": ["list", "create", "delete", "patch", "deletecollection"] @@ -143 +143,6 @@ If the permissions aren’t there, proceed with the patch, as follows. - "verbs": ["get", "list", "describe", "create", "delete", "watch"] + "verbs": ["get", "list", "describe", "create", "delete", "watch", "deletecollection"] + }, + { + "apiGroups": [""], + "resources": ["configmaps", "pods"], + "verbs": ["deletecollection"] @@ -223,0 +229 @@ The role _emr-containers_ is a primary role. This means that it must provide all + - deletecollection @@ -234,0 +241,8 @@ The role _emr-containers_ is a primary role. This means that it must provide all + - deletecollection + - apiGroups: + - "" + resources: + - configmaps + - pods + verbs: + - deletecollection