AWS Security ChangesHomeSearch

AWS emr high security documentation change

Service: emr · 2025-08-25 · Security-related high

File: emr/latest/ManagementGuide/emr-iam-role-for-ec2.md

Summary

Updated policy version, removed Service principal, added resource ARN, and expanded resource wildcards

Security assessment

Policy version upgrade to 2012-10-17 enables modern features. Removal of Service principal with added account/ARN validation prevents unauthorized access. Wildcard expansion in resource ARNs follows least-privilege best practices.

Diff

diff --git a/emr/latest/ManagementGuide/emr-iam-role-for-ec2.md b/emr/latest/ManagementGuide/emr-iam-role-for-ec2.md
index 8df9f8270..1152cba21 100644
--- a//emr/latest/ManagementGuide/emr-iam-role-for-ec2.md
+++ b//emr/latest/ManagementGuide/emr-iam-role-for-ec2.md
@@ -107 +107 @@ JSON
-      "Version": "2008-10-17",
+      "Version": "2012-10-17",
@@ -112,3 +111,0 @@ JSON
-          "Principal": {
-            "Service": "ec2.amazonaws.com"
-          },
@@ -117 +114,2 @@ JSON
-          ]
+          ],
+          "Resource": "arn:aws:iam::123456789012:role/EMR_EC2_DefaultRole"
@@ -203 +201 @@ JSON
-            "arn:aws:dynamodb:us-west-2:111122223333:table/EmrFSMetadata"
+            "arn:aws:dynamodb:*:123456789012:table/EmrFSMetadata"
@@ -229 +227 @@ JSON
-            "arn:aws:sqs:us-west-2:111122223333:EMRFS-Inconsistency-*"
+            "arn:aws:sqs:*:123456789012:EMRFS-Inconsistency-*"