AWS Security ChangesHomeSearch

AWS emr medium security documentation change

Service: emr · 2025-08-25 · Security-related medium

File: emr/latest/EMR-Serverless-UserGuide/application-custom-image.md

Summary

Updated ECR policy examples with specific ARNs and tightened IAM conditions

Security assessment

Changed from broad Service principal to ARN-based conditions, implementing least privilege access control

Diff

diff --git a/emr/latest/EMR-Serverless-UserGuide/application-custom-image.md b/emr/latest/EMR-Serverless-UserGuide/application-custom-image.md
index 0a4b82eb6..c781d904d 100644
--- a//emr/latest/EMR-Serverless-UserGuide/application-custom-image.md
+++ b//emr/latest/EMR-Serverless-UserGuide/application-custom-image.md
@@ -55 +55 @@ JSON
-            "ecr-repository-arn"
+            "arn:aws:ecr:*:123456789012:repository/my-repo"
@@ -216,3 +215,0 @@ JSON
-          "Principal": {
-            "Service": "emr-serverless.amazonaws.com"
-          },
@@ -223,0 +221 @@ JSON
+          "Resource": "arn:aws:ecr:*:123456789012:repository/my-repo",
@@ -225,2 +223,2 @@ JSON
-            "StringEquals": {
-              "aws:SourceArn": "arn:aws:emr-serverless:region:aws-111122223333:/applications/application-id"
+            "ArnLike": {
+              "aws:SourceArn": "arn:aws:emr-serverless:*:123456789012:/applications/*"