AWS emr documentation change
Summary
Expanded IAM policy syntax to use arrays for Actions/Resources and added SIDs. Improved cross-account role assumption examples.
Security assessment
Clarifies IAM policies for S3/DynamoDB access (security-related), but no direct security issue is resolved.
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/jobs-s3-access.md b/emr/latest/EMR-Serverless-UserGuide/jobs-s3-access.md index e075fa328..16ccd39ba 100644 --- a//emr/latest/EMR-Serverless-UserGuide/jobs-s3-access.md +++ b//emr/latest/EMR-Serverless-UserGuide/jobs-s3-access.md @@ -103 +103,3 @@ JSON - "Action": "s3:*", + "Action": [ + "s3:*" + ], @@ -107 +109,2 @@ JSON - ] + ], + "Sid": "AllowS3" @@ -128,2 +131,7 @@ JSON - "Action": "dynamodb:*", - "Resource": "arn:aws:dynamodb:us-east-1:AccountB:table/CrossAccountTable" + "Action": [ + "dynamodb:*" + ], + "Resource": [ + "arn:aws:dynamodb:us-east-1:AccountB:table/CrossAccountTable" + ], + "Sid": "AllowDYNAMODB" @@ -157 +165,4 @@ JSON - "Action": "sts:AssumeRole" + "Action": [ + "sts:AssumeRole" + ], + "Sid": "AllowSTSAssumerole" @@ -180,2 +191,7 @@ JSON - "Action": "sts:AssumeRole", - "Resource": "arn:aws:iam::111122223333:role/Cross-Account-Role-B" + "Action": [ + "sts:AssumeRole" + ], + "Resource": [ + "arn:aws:iam::111122223333:role/Cross-Account-Role-B" + ], + "Sid": "AllowSTSAssumerole"