AWS Security ChangesHomeSearch

AWS emr documentation change

Service: emr · 2025-09-19 · Documentation medium

File: emr/latest/ManagementGuide/emr-lf-enable.md

Summary

Consolidated permissions setup steps and removed table-level access documentation in favor of granular controls

Security assessment

Removes documentation about less secure full table access options and emphasizes fine-grained controls, but no evidence of addressing a specific reported vulnerability. Improves security posture documentation.

Diff

diff --git a/emr/latest/ManagementGuide/emr-lf-enable.md b/emr/latest/ManagementGuide/emr-lf-enable.md
index 0d54e1125..9c2f24adc 100644
--- a//emr/latest/ManagementGuide/emr-lf-enable.md
+++ b//emr/latest/ManagementGuide/emr-lf-enable.md
@@ -5 +5 @@
-Step 1: Set up a runtime roleStep 2: Launch a clusterStep 3a: Table-level permissionsStep 3b: Column, row, or cell-level permissionsStep 4: Configure Glue and Lake Formation
+Step 1: Set up a runtime roleStep 2: Launch a clusterStep 3: Column, row, or cell-level permissionsStep 4: Configure Glue and Lake Formation
@@ -76 +76 @@ Now you’re ready to launch an EMR cluster with the security configuration that
-## Step 3a: Set up Lake Formation-based table-level permissions with Amazon EMR runtime roles
+## Step 3: Set up Lake Formation-based column, row, or cell-level permissions with Amazon EMR runtime roles
@@ -78,11 +78 @@ Now you’re ready to launch an EMR cluster with the security configuration that
-If you don't require fine-grained access control at the column, row, or cell level, you can set up table-level permissions with Glue Data Catalog. To enable table-level access, navigate to the AWS Lake Formation console and select the **Application integration settings** option from the **Administration** section in the sidebar. Then, enable the following option and choose **Save** :
-
-**Allow external engines to access data in Amazon S3 locations with full table access**
-
-![Lake Formation external data filtering](/images/emr/latest/ManagementGuide/images/lf-app-integration-table.png)
-
-## Step 3b: Set up Lake Formation-based column, row, or cell-level permissions with Amazon EMR runtime roles
-
-To apply table and column level permissions with Lake Formation, the data lake administrator for Lake Formation must set `Amazon EMR` as the value for the session tag configuration, `AuthorizedSessionTagValue`. Lake Formation uses this session tag to authorize callers and provide access to the data lake. You can set this session tag in the **External data filtering** section of the Lake Formation console. Replace `123456789012` with your own AWS account ID.
-
-![Lake Formation external data filtering](/images/emr/latest/ManagementGuide/images/lf-external-data-filtering.png)
+To apply fine-grained access control at the column, row, or cell level with Lake Formation, the data lake administrator for Lake Formation must set `Amazon EMR` as the value for the session tag configuration, `AuthorizedSessionTagValue`. Lake Formation uses this session tag to authorize callers and provide access to the data lake. You can set this session tag in the **Application integration settings** section of the Lake Formation console. Replace `123456789012` with your own AWS account ID.
@@ -162 +152 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Integrate Amazon EMR with Lake Formation
+Fine-grained access with Lake Formation
@@ -164 +154 @@ Integrate Amazon EMR with Lake Formation
-Hudi and Lake Formation
+Apache Hudi with fine-grained access control