AWS Security ChangesHomeSearch

AWS emr documentation change

Service: emr · 2025-08-25 · Documentation low

File: emr/latest/EMR-on-EKS-DevelopmentGuide/security_iam_fgac-lf-enable.md

Summary

Updated role ARNs to use wildcards and restructured policy statements.

Security assessment

Changes improve example clarity but do not address security vulnerabilities.

Diff

diff --git a/emr/latest/EMR-on-EKS-DevelopmentGuide/security_iam_fgac-lf-enable.md b/emr/latest/EMR-on-EKS-DevelopmentGuide/security_iam_fgac-lf-enable.md
index 2febebdcc..27746a507 100644
--- a//emr/latest/EMR-on-EKS-DevelopmentGuide/security_iam_fgac-lf-enable.md
+++ b//emr/latest/EMR-on-EKS-DevelopmentGuide/security_iam_fgac-lf-enable.md
@@ -124 +124 @@ JSON
-            "arn:aws:iam::111122223333:role/JobExecutionRole"
+            "arn:aws:iam::*:role/JobExecutionRole"
@@ -139 +139 @@ JSON
-            "arn:aws:iam::111122223333:role/JobExecutionRole"
+            "arn:aws:iam::*:role/JobExecutionRole"
@@ -234,3 +233,0 @@ JSON
-          "Principal": {
-            "AWS": "arn:aws:iam::111122223333:role/QueryExecutionRole"
-          },
@@ -240,0 +238,3 @@ JSON
+          "Resource": [
+            "arn:aws:iam::*:role/QueryExecutionRole"
+          ],
@@ -250,3 +249,0 @@ JSON
-          "Principal": {
-            "AWS": "arn:aws:iam::111122223333:role/QueryEngineRole"
-          },
@@ -254,0 +252,3 @@ JSON
+          ],
+          "Resource": [
+            "arn:aws:iam::*:role/QueryEngineRole"