AWS Security ChangesHomeSearch

AWS emr medium security documentation change

Service: emr · 2025-08-25 · Security-related medium

File: emr/latest/EMR-Serverless-UserGuide/getting-started.md

Summary

Modified IAM trust policy to use resource ARNs instead of Service principal

Security assessment

Replaces broad service-based trust with resource ARN conditions for tighter access control

Diff

diff --git a/emr/latest/EMR-Serverless-UserGuide/getting-started.md b/emr/latest/EMR-Serverless-UserGuide/getting-started.md
index b5e9387fd..fba0e67ee 100644
--- a//emr/latest/EMR-Serverless-UserGuide/getting-started.md
+++ b//emr/latest/EMR-Serverless-UserGuide/getting-started.md
@@ -72,3 +71,0 @@ JSON
-          "Principal": {
-            "Service": "emr-serverless.amazonaws.com"
-          },
@@ -77,0 +75 @@ JSON
+          "Resource": "arn:aws:iam::123456789012:role/EMRServerlessExecutionRole",
@@ -186,3 +184 @@ JSON
-          "Principal": {
-            "Service": "emr-serverless.amazonaws.com"
-          }
+          "Resource": "arn:aws:iam::123456789012:role/EMRServerlessExecutionRole"