AWS emr documentation change
Summary
Removed Federated Principal and updated condition to use aws:userid.
Security assessment
Policy structure changes align with IAM best practices but lack direct security fixes.
Diff
diff --git a/emr/latest/EMR-on-EKS-DevelopmentGuide/jobruns-flink-kubernetes-operator-setup.md b/emr/latest/EMR-on-EKS-DevelopmentGuide/jobruns-flink-kubernetes-operator-setup.md index efc27de84..b8e0c8026 100644 --- a//emr/latest/EMR-on-EKS-DevelopmentGuide/jobruns-flink-kubernetes-operator-setup.md +++ b//emr/latest/EMR-on-EKS-DevelopmentGuide/jobruns-flink-kubernetes-operator-setup.md @@ -40,3 +39,0 @@ JSON - "Principal": { - "Federated": "arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE123ABC456" - }, @@ -51 +48 @@ JSON - "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE123ABC456:sub": "system:serviceaccount:emr:emr-containers-sa-flink-operator" + "aws:userid": "system:serviceaccount:emr:emr-containers-sa-flink-operator"