AWS emr documentation change
Summary
Added documentation about configuring Lake Formation integration with IAM Identity Center, including requirements for Trusted Identity Propagation and database permissions
Security assessment
The changes document security-related configuration steps for fine-grained access controls using Lake Formation and Trusted Identity Propagation. While this adds security documentation, there is no evidence of addressing a specific vulnerability or security incident.
Diff
diff --git a/emr/latest/ManagementGuide/emr-idc-considerations.md b/emr/latest/ManagementGuide/emr-idc-considerations.md index 75a06bb16..6b05592df 100644 --- a//emr/latest/ManagementGuide/emr-idc-considerations.md +++ b//emr/latest/ManagementGuide/emr-idc-considerations.md @@ -16,0 +17,4 @@ Consider the following points when you use IAM Identity Center with Amazon EMR: + * Fine-grained access controls using AWS Lake Formation that use Trusted Identity Propagation will need to update Lake Formation Identity Center configuration by adding EMR managed IAM Identity application arn as authorized target. You can find Amazon EMR managed IAM Identity application ARN by calling EMR `describe-security-configure` API and look for field ``IdCApplicationARN``. More details: [Updating IAM Identity Center integration](https://docs.aws.amazon.com/lake-formation/latest/dg/update-lf-identity-center-connection.html) on how to setup Lake Formation with IAM Identity Center configuration. + + * To use Fine-grained access controls using AWS Lake Formation that use Trusted Identity Propagation, IAM Identity users should be granted Lake Formation permissions on default database. More details: [Configure Lake Formation for an IAM Identity Center enabled EMR cluster](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-idc-lf.html). +