AWS Security ChangesHomeSearch

AWS emr high security documentation change

Service: emr · 2025-08-25 · Security-related high

File: emr/latest/EMR-Serverless-UserGuide/logging.md

Summary

Removed wildcard Principal (*) and updated resource ARNs. Added VPC condition for S3 bucket access.

Security assessment

Removing Principal '*' prevents overly permissive access. Adding VPC conditions enforces network-level security, addressing a potential misconfiguration risk.

Diff

diff --git a/emr/latest/EMR-Serverless-UserGuide/logging.md b/emr/latest/EMR-Serverless-UserGuide/logging.md
index 0b8ac17a1..d8137a794 100644
--- a//emr/latest/EMR-Serverless-UserGuide/logging.md
+++ b//emr/latest/EMR-Serverless-UserGuide/logging.md
@@ -57 +56,0 @@ JSON
-          "Principal": "*",
@@ -63,2 +62,2 @@ JSON
-            "arn:aws:s3:::prod.AWS_REGION.appinfo.src",
-            "arn:aws:s3:::prod.AWS_REGION.appinfo.src/*"
+            "arn:aws:s3:::prod.us-east-1.appinfo.src",
+            "arn:aws:s3:::prod.us-east-1.appinfo.src/*"
@@ -69 +68 @@ JSON
-              "aws:SourceVpc": "vpc-XXXX"
+              "aws:SourceVpc": "vpc-12345678"
@@ -160 +159 @@ JSON
-            "arn:aws:logs:us-east-1:111122223333:*"
+            "arn:aws:logs:*:123456789012:*"
@@ -173 +172 @@ JSON
-            "arn:aws:logs:us-east-1:111122223333:log-group:my-log-group-name:*"
+            "arn:aws:logs:*:123456789012:log-group:my-log-group-name:*"