AWS emr medium security documentation change
Summary
Modified IAM trust policy to use resource ARNs instead of Service principal
Security assessment
Replaces broad service-based trust with resource ARN conditions for tighter access control
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/getting-started.md b/emr/latest/EMR-Serverless-UserGuide/getting-started.md index b5e9387fd..fba0e67ee 100644 --- a//emr/latest/EMR-Serverless-UserGuide/getting-started.md +++ b//emr/latest/EMR-Serverless-UserGuide/getting-started.md @@ -72,3 +71,0 @@ JSON - "Principal": { - "Service": "emr-serverless.amazonaws.com" - }, @@ -77,0 +75 @@ JSON + "Resource": "arn:aws:iam::123456789012:role/EMRServerlessExecutionRole", @@ -186,3 +184 @@ JSON - "Principal": { - "Service": "emr-serverless.amazonaws.com" - } + "Resource": "arn:aws:iam::123456789012:role/EMRServerlessExecutionRole"