AWS Security ChangesHomeSearch

AWS emr high security documentation change

Service: emr · 2025-08-19 · Security-related high

File: emr/latest/ReleaseGuide/emr-780-release.md

Summary

Added release note about KMS encryption error affecting Lake Formation-enabled clusters and provided workarounds

Security assessment

The change addresses an error in KMS encryption at rest (a security feature) that causes job failures. The workaround to disable encryption could expose data, indicating a security-related flaw. The documentation explicitly discusses encryption controls and remediation steps.

Diff

diff --git a/emr/latest/ReleaseGuide/emr-780-release.md b/emr/latest/ReleaseGuide/emr-780-release.md
index 9d5b90ec1..8346283af 100644
--- a//emr/latest/ReleaseGuide/emr-780-release.md
+++ b//emr/latest/ReleaseGuide/emr-780-release.md
@@ -99 +99,7 @@ The following release notes include information for Amazon EMR release 7.8.0.
-  * Not applicable for this release.
+  * **KMS encryption using the EMR-EC2 SecretAgent component** – There is an error that occurs when KMS encryption at rest is enabled for Lake Formation-enabled clusters in EMR versions 7.8 and 7.9. Lake Formation-enabled jobs will fail with a _NoSuchMethodError_. There are two workarounds available:
+
+    * Temporarily disable KMS encryption at rest for affected clusters.
+
+    * Contact AWS Support to request a Bootstrap Action artifact if KMS encryption must be maintained.
+
+A permanent fix for this error is being worked on. This release note will be revised when it is deployed.