AWS emr documentation change
Summary
Updated role ARNs to use wildcards and restructured policy statements.
Security assessment
Changes improve example clarity but do not address security vulnerabilities.
Diff
diff --git a/emr/latest/EMR-on-EKS-DevelopmentGuide/security_iam_fgac-lf-enable.md b/emr/latest/EMR-on-EKS-DevelopmentGuide/security_iam_fgac-lf-enable.md index 2febebdcc..27746a507 100644 --- a//emr/latest/EMR-on-EKS-DevelopmentGuide/security_iam_fgac-lf-enable.md +++ b//emr/latest/EMR-on-EKS-DevelopmentGuide/security_iam_fgac-lf-enable.md @@ -124 +124 @@ JSON - "arn:aws:iam::111122223333:role/JobExecutionRole" + "arn:aws:iam::*:role/JobExecutionRole" @@ -139 +139 @@ JSON - "arn:aws:iam::111122223333:role/JobExecutionRole" + "arn:aws:iam::*:role/JobExecutionRole" @@ -234,3 +233,0 @@ JSON - "Principal": { - "AWS": "arn:aws:iam::111122223333:role/QueryExecutionRole" - }, @@ -240,0 +238,3 @@ JSON + "Resource": [ + "arn:aws:iam::*:role/QueryExecutionRole" + ], @@ -250,3 +249,0 @@ JSON - "Principal": { - "AWS": "arn:aws:iam::111122223333:role/QueryEngineRole" - }, @@ -254,0 +252,3 @@ JSON + ], + "Resource": [ + "arn:aws:iam::*:role/QueryEngineRole"