AWS Security ChangesHomeSearch

AWS managed-flink documentation change

Service: managed-flink · 2025-05-16 · Documentation low

File: managed-flink/latest/java/best-practices.md

Summary

Added guidance about using uniformShardAssigner to mitigate idle worker risks in Kinesis shard processing

Security assessment

The change addresses operational efficiency and resource utilization, not a specific security vulnerability. It focuses on ensuring workers process shards effectively rather than patching security flaws.

Diff

diff --git a/managed-flink/latest/java/best-practices.md b/managed-flink/latest/java/best-practices.md
index ca8e53f08..acd7edd92 100644
--- a//managed-flink/latest/java/best-practices.md
+++ b//managed-flink/latest/java/best-practices.md
@@ -283,0 +284,2 @@ That means, if a source subtask is consuming from an idle shard, downstream oper
+Depending on the shard assigner you use, some workers might not be assigned any Kinesis shards. In that case, these workers will manifest the idle source behavior even if all Kinesis shards continuously deliver event data. You can mitigate this risk by using `uniformShardAssigner` with the source operator. This makes sure that all source subtasks have shards to process as long as the number of workers is less or equal to the number of active shards. 
+