AWS emr documentation change
Summary
Added SIDs and restructured IAM policies for EKS pod identity associations
Security assessment
Improved documentation of IAM role requirements for pod identity, but no specific security vulnerability addressed.
Diff
diff --git a/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.md b/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.md index da514a4db..e14b47241 100644 --- a//emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.md +++ b//emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.md @@ -52 +52,4 @@ JSON - "Resource": "*" + "Resource": [ + "*" + ], + "Sid": "AllowEKSAUTHAssumeroleforpodidentity" @@ -182,0 +186,3 @@ JSON + { + "Version": "2012-10-17", + "Statement": [ @@ -186 +192 @@ JSON - "eks:CreatePodIdentityAssociation", + "eks:CreatePodIdentityAssociation" @@ -188 +194,4 @@ JSON - "Resource": "* or role-arn" + "Resource": [ + "* or role-arn" + ], + "Sid": "AllowEKSCreatepodidentityassociation" @@ -190,3 +198,0 @@ JSON - { - "Version": "2012-10-17", - "Statement": [ @@ -195,2 +201,6 @@ JSON - "Action": "iam:PassRole", - "Resource": "* or role-arn", + "Action": [ + "iam:PassRole" + ], + "Resource": [ + "* or role-arn" + ], @@ -200,0 +211,2 @@ JSON + }, + "Sid": "AllowIAMPassrole" @@ -202 +214 @@ JSON - }] + ]