AWS Security ChangesHomeSearch

AWS emr high security documentation change

Service: emr · 2025-08-25 · Security-related high

File: emr/latest/ManagementGuide/encryption-at-rest-kms.md

Summary

Removed explicit principals and restricted KMS key policy to account-specific ARNs

Security assessment

Tightened KMS key policy by removing broad principal access and scoping resources to the account, reducing potential privilege escalation risks.

Diff

diff --git a/emr/latest/ManagementGuide/encryption-at-rest-kms.md b/emr/latest/ManagementGuide/encryption-at-rest-kms.md
index 2bde8ccf4..0ecda60bd 100644
--- a//emr/latest/ManagementGuide/encryption-at-rest-kms.md
+++ b//emr/latest/ManagementGuide/encryption-at-rest-kms.md
@@ -81,8 +80,0 @@ JSON
-          "Principal": {
-            "AWS": [
-              "arn:aws:iam::111122223333:role/EMR_EC2_DefaultRole"
-            ],
-            "Service": [
-              "emrwal.amazonaws.com"
-            ]
-          },
@@ -94 +86 @@ JSON
-            "*"
+            "arn:aws:kms:*:123456789012:key/*"