AWS Security ChangesHomeSearch

AWS emr high security documentation change

Service: emr · 2025-08-25 · Security-related high

File: emr/latest/ManagementGuide/emr-iam-role.md

Summary

Updated policy version, removed Service principal, and added account/ARN validation conditions

Security assessment

Policy version update and replacement of Service principal with aws:SourceAccount/aws:SourceArn conditions strengthen authorization controls, reducing risk of service-based privilege escalation.

Diff

diff --git a/emr/latest/ManagementGuide/emr-iam-role.md b/emr/latest/ManagementGuide/emr-iam-role.md
index bfc8b2047..978a57456 100644
--- a//emr/latest/ManagementGuide/emr-iam-role.md
+++ b//emr/latest/ManagementGuide/emr-iam-role.md
@@ -458 +458 @@ JSON
-      "Version": "2008-10-17",
+      "Version": "2012-10-17",
@@ -463,3 +462,0 @@ JSON
-          "Principal": {
-            "Service": "elasticmapreduce.amazonaws.com"
-          },
@@ -468,0 +466 @@ JSON
+          "Resource": "arn:aws:iam::123456789012:role/EMRServiceRole",
@@ -471 +469 @@ JSON
-              "aws:SourceAccount": "111122223333"
+              "aws:SourceAccount": "123456789012"
@@ -474 +472 @@ JSON
-              "aws:SourceArn": "arn:aws:elasticmapreduce:region>:111122223333:*"
+              "aws:SourceArn": "arn:aws:elasticmapreduce:*:123456789012:*"