AWS Security ChangesHomeSearch

AWS emr documentation change

Service: emr · 2025-08-25 · Documentation low

File: emr/latest/EMR-on-EKS-DevelopmentGuide/jobruns-flink-kubernetes-operator-setup.md

Summary

Removed Federated Principal and updated condition to use aws:userid.

Security assessment

Policy structure changes align with IAM best practices but lack direct security fixes.

Diff

diff --git a/emr/latest/EMR-on-EKS-DevelopmentGuide/jobruns-flink-kubernetes-operator-setup.md b/emr/latest/EMR-on-EKS-DevelopmentGuide/jobruns-flink-kubernetes-operator-setup.md
index efc27de84..b8e0c8026 100644
--- a//emr/latest/EMR-on-EKS-DevelopmentGuide/jobruns-flink-kubernetes-operator-setup.md
+++ b//emr/latest/EMR-on-EKS-DevelopmentGuide/jobruns-flink-kubernetes-operator-setup.md
@@ -40,3 +39,0 @@ JSON
-          "Principal": {
-            "Federated": "arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE123ABC456"
-          },
@@ -51 +48 @@ JSON
-              "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE123ABC456:sub": "system:serviceaccount:emr:emr-containers-sa-flink-operator"
+              "aws:userid": "system:serviceaccount:emr:emr-containers-sa-flink-operator"