AWS emr documentation change
Summary
Added SIDs and restructured IAM policy syntax to use arrays for Actions/Resources in cross-account DynamoDB access documentation
Security assessment
Changes are syntactic improvements (adding Statement IDs and array formatting) without altering actual permissions or addressing security vulnerabilities.
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md b/emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md index 8f06e87cf..3e2ff60cf 100644 --- a//emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md +++ b//emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md @@ -32,2 +32,7 @@ JSON - "Action": "dynamodb:*", - "Resource": "arn:aws:dynamodb:us-east-1:AccountB:table/CrossAccountTable" + "Action": [ + "dynamodb:*" + ], + "Resource": [ + "arn:aws:dynamodb:us-east-1:AccountB:table/CrossAccountTable" + ], + "Sid": "AllowDYNAMODB" @@ -59 +64,4 @@ JSON - "Action": "sts:AssumeRole" + "Action": [ + "sts:AssumeRole" + ], + "Sid": "AllowSTSAssumerole" @@ -80,2 +88,7 @@ JSON - "Action": "sts:AssumeRole", - "Resource": "arn:aws:iam::111122223333:role/Cross-Account-Role-B" + "Action": [ + "sts:AssumeRole" + ], + "Resource": [ + "arn:aws:iam::111122223333:role/Cross-Account-Role-B" + ], + "Sid": "AllowSTSAssumerole"