AWS Security ChangesHomeSearch

AWS emr documentation change

Service: emr · 2025-08-16 · Documentation low

File: emr/latest/EMR-Serverless-UserGuide/jobs-s3-access.md

Summary

Expanded IAM policy syntax to use arrays for Actions/Resources and added SIDs. Improved cross-account role assumption examples.

Security assessment

Clarifies IAM policies for S3/DynamoDB access (security-related), but no direct security issue is resolved.

Diff

diff --git a/emr/latest/EMR-Serverless-UserGuide/jobs-s3-access.md b/emr/latest/EMR-Serverless-UserGuide/jobs-s3-access.md
index e075fa328..16ccd39ba 100644
--- a//emr/latest/EMR-Serverless-UserGuide/jobs-s3-access.md
+++ b//emr/latest/EMR-Serverless-UserGuide/jobs-s3-access.md
@@ -103 +103,3 @@ JSON
-                "Action": "s3:*",
+          "Action": [
+            "s3:*"
+          ],
@@ -107 +109,2 @@ JSON
-                ]
+          ],
+          "Sid": "AllowS3"
@@ -128,2 +131,7 @@ JSON
-                "Action": "dynamodb:*",
-                "Resource": "arn:aws:dynamodb:us-east-1:AccountB:table/CrossAccountTable"
+          "Action": [
+            "dynamodb:*"
+          ],
+          "Resource": [
+            "arn:aws:dynamodb:us-east-1:AccountB:table/CrossAccountTable"
+          ],
+          "Sid": "AllowDYNAMODB"
@@ -157 +165,4 @@ JSON
-                    "Action": "sts:AssumeRole"
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Sid": "AllowSTSAssumerole"
@@ -180,2 +191,7 @@ JSON
-                    "Action": "sts:AssumeRole",
-                    "Resource": "arn:aws:iam::111122223333:role/Cross-Account-Role-B"
+              "Action": [
+                "sts:AssumeRole"
+              ],
+              "Resource": [
+                "arn:aws:iam::111122223333:role/Cross-Account-Role-B"
+              ],
+              "Sid": "AllowSTSAssumerole"