AWS Security ChangesHomeSearch

AWS emr medium security documentation change

Service: emr · 2025-08-25 · Security-related medium

File: emr/latest/ManagementGuide/emr-emrfs-iam-roles.md

Summary

Removed Principal blocks and added emr:RoleARN conditions for role assumptions.

Security assessment

Replacing explicit Principals with emr:RoleARN conditions enforces role-based access control, addressing potential privilege escalation risks from overly permissive policies.

Diff

diff --git a/emr/latest/ManagementGuide/emr-emrfs-iam-roles.md b/emr/latest/ManagementGuide/emr-emrfs-iam-roles.md
index abc2d6174..4a968eea0 100644
--- a//emr/latest/ManagementGuide/emr-emrfs-iam-roles.md
+++ b//emr/latest/ManagementGuide/emr-emrfs-iam-roles.md
@@ -51,3 +50,0 @@ JSON
-          "Principal": {
-            "AWS": "arn:aws:iam::111122223333:role/EMR_EC2_DefaultRole"
-          },
@@ -56,0 +54 @@ JSON
+          "Resource": "arn:aws:iam::123456789012:role/EMR_EC2_DefaultRole",
@@ -77,6 +74,0 @@ JSON
-          "Principal": {
-            "AWS": [
-              "arn:aws:iam::111122223333:role/EMRFSRole_First",
-              "arn:aws:iam::111122223333:role/EMRFSRole_Second"
-            ]
-          },
@@ -85,0 +78,4 @@ JSON
+          "Resource": [
+            "arn:aws:iam::123456789012:role/EMRFSRole_First",
+            "arn:aws:iam::123456789012:role/EMRFSRole_Second"
+          ],