AWS emr medium security documentation change
Summary
Updated ECR policy examples with specific ARNs and tightened IAM conditions
Security assessment
Changed from broad Service principal to ARN-based conditions, implementing least privilege access control
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/application-custom-image.md b/emr/latest/EMR-Serverless-UserGuide/application-custom-image.md index 0a4b82eb6..c781d904d 100644 --- a//emr/latest/EMR-Serverless-UserGuide/application-custom-image.md +++ b//emr/latest/EMR-Serverless-UserGuide/application-custom-image.md @@ -55 +55 @@ JSON - "ecr-repository-arn" + "arn:aws:ecr:*:123456789012:repository/my-repo" @@ -216,3 +215,0 @@ JSON - "Principal": { - "Service": "emr-serverless.amazonaws.com" - }, @@ -223,0 +221 @@ JSON + "Resource": "arn:aws:ecr:*:123456789012:repository/my-repo", @@ -225,2 +223,2 @@ JSON - "StringEquals": { - "aws:SourceArn": "arn:aws:emr-serverless:region:aws-111122223333:/applications/application-id" + "ArnLike": { + "aws:SourceArn": "arn:aws:emr-serverless:*:123456789012:/applications/*"