AWS emr documentation change
Summary
Added SIDs and array formatting for IAM policy actions/resources in cross-account access documentation
Security assessment
Structural changes to IAM policy examples without modifying effective permissions or addressing security flaws.
Diff
diff --git a/emr/latest/EMR-on-EKS-DevelopmentGuide/security-cross-account.md b/emr/latest/EMR-on-EKS-DevelopmentGuide/security-cross-account.md index 3f882fe8a..8b113b4ac 100644 --- a//emr/latest/EMR-on-EKS-DevelopmentGuide/security-cross-account.md +++ b//emr/latest/EMR-on-EKS-DevelopmentGuide/security-cross-account.md @@ -56 +56,3 @@ JSON - "Action": "s3:*", + "Action": [ + "s3:*" + ], @@ -60 +62,2 @@ JSON - ] + ], + "Sid": "AllowS3" @@ -81,2 +84,7 @@ JSON - "Action": "dynamodb:*", - "Resource": "arn:aws:dynamodb:us-east-1:AccountB:table/CrossAccountTable" + "Action": [ + "dynamodb:*" + ], + "Resource": [ + "arn:aws:dynamodb:us-east-1:111122223333:table/CrossAccountTable" + ], + "Sid": "AllowDYNAMODB" @@ -110 +118,4 @@ JSON - "Action": "sts:AssumeRole" + "Action": [ + "sts:AssumeRole" + ], + "Sid": "AllowSTSAssumerole" @@ -133,2 +144,7 @@ JSON - "Action": "sts:AssumeRole", - "Resource": "arn:aws:iam::111122223333:role/Cross-Account-Role-B" + "Action": [ + "sts:AssumeRole" + ], + "Resource": [ + "arn:aws:iam::111122223333:role/Cross-Account-Role-B" + ], + "Sid": "AllowSTSAssumerole"