AWS emr documentation change
Summary
Updated documentation phrasing for clarity and consistency, replacing 'see' with 'refer to', adjusting verb tenses, and strengthening warnings about environment variables and binary modifications.
Security assessment
Changes are primarily grammatical improvements and clarity enhancements. The strengthened warnings about not modifying environment variables (e.g., changing 'You shouldn't' to 'Do not') and binary modifications relate to operational stability rather than addressing specific security vulnerabilities. The existing security best practice mentioning 'aws:SourceArn' was maintained but not substantively changed.
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/application-custom-image.md b/emr/latest/EMR-Serverless-UserGuide/application-custom-image.md index 0e6565867..3f3e7f7b5 100644 --- a//emr/latest/EMR-Serverless-UserGuide/application-custom-image.md +++ b//emr/latest/EMR-Serverless-UserGuide/application-custom-image.md @@ -9 +9 @@ PrerequisitesStep 1: Create a custom image from EMR Serverless base imagesStep 2 -Starting with Amazon EMR 6.9.0, you can use custom images to package application dependencies and runtime environments into a single container with Amazon EMR Serverless. This simplifies how you manage workload dependencies and makes your packages more portable. When you customize your EMR Serverless image, it provides the following benefits: +Starting with Amazon EMR 6.9.0, use custom images to package application dependencies and runtime environments into a single container with Amazon EMR Serverless. This simplifies how you manage workload dependencies and makes your packages more portable. When you customize your EMR Serverless image, it provides the following benefits: @@ -11 +11 @@ Starting with Amazon EMR 6.9.0, you can use custom images to package application - * Installs and configures packages that are optimized to your workloads. These packages might not be widely available in the public distribution of Amazon EMR runtime environments. + * Installs and configures packages that are optimized to your workloads. These packages are not widely available in the public distribution of Amazon EMR runtime environments. @@ -22 +22 @@ Starting with Amazon EMR 6.9.0, you can use custom images to package application -EMR Serverless provides images that you can use as your base when you create your own images. The base image provides the essential jars, configuration, and libraries for the image to interact with EMR Serverless. You can find the base image in the [Amazon ECR Public Gallery](https://gallery.ecr.aws/emr-serverless/). Use the image that matches your application type (Spark or Hive) and release version. For example, if you create an application on Amazon EMR release 6.9.0, use the following images. +EMR Serverless provides images that use as your base when you create your own images. The base image provides the essential jars, configuration, and libraries for the image to interact with EMR Serverless. You can find the base image in the [Amazon ECR Public Gallery](https://gallery.ecr.aws/emr-serverless/). Use the image that matches your application type (Spark or Hive) and release version. For example, if you create an application on Amazon EMR release 6.9.0, use the following images. @@ -33 +33 @@ Before you create an EMR Serverless custom image, complete these prerequisites. - 1. Create an Amazon ECR repository in the same AWS Region that you use to launch EMR Serverless applications. To create an Amazon ECR private repository, see [Creating a private repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html). + 1. Create an Amazon ECR repository in the same AWS Region that you use to launch EMR Serverless applications. To create an Amazon ECR private repository, refer to [Creating a private repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html). @@ -62 +62 @@ JSON -For more examples of Amazon ECR identity-based policies, see [Amazon Elastic Container Registry identity-based policy examples](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security_iam_id-based-policy-examples.html). +For more examples of Amazon ECR identity-based policies, refer to [Amazon Elastic Container Registry identity-based policy examples](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security_iam_id-based-policy-examples.html). @@ -69 +69 @@ For more examples of Amazon ECR identity-based policies, see [Amazon Elastic Con -First, create a [Dockerfile](https://docs.docker.com/engine/reference/builder/) that begins with a `FROM` instruction that uses your preferred base image. After the `FROM` instruction, you can include any modification that you want to make to the image. The base image automatically sets the `USER` to `hadoop`. This setting might not have permissions for all the modifications you include. As a workaround, set the `USER` to `root`, modify your image, and then set the `USER` back to `hadoop:hadoop`. To see samples for common use cases, see [Using custom images with EMR Serverless](./using-custom-images.html). +First, create a [Dockerfile](https://docs.docker.com/engine/reference/builder/) that begins with a `FROM` instruction that uses your preferred base image. After the `FROM` instruction, include any modification that you want to make to the image. The base image automatically sets the `USER` to `hadoop`. This setting does not have permissions for all the modifications you include. As a workaround, set the `USER` to `root`, modify your image, and then set the `USER` back to `hadoop:hadoop`. To refer to samples for common use cases, refer to [Using custom images with EMR Serverless](./using-custom-images.html). @@ -78 +78 @@ First, create a [Dockerfile](https://docs.docker.com/engine/reference/builder/) - # EMRS will run the image as hadoop + # EMRS runs the image as hadoop @@ -89 +89 @@ After you have the Dockerfile, build the image with the following command. -EMR Serverless provides an offline tool that can statically check your custom image to validate basic files, environment variables, and correct image configurations. For information on how to install and run the tool, see [the Amazon EMR Serverless Image CLI GitHub](https://github.com/awslabs/amazon-emr-serverless-image-cli). +EMR Serverless provides an offline tool that can statically check your custom image to validate basic files, environment variables, and correct image configurations. For information on how to install and run the tool, refer to [the Amazon EMR Serverless Image CLI GitHub](https://github.com/awslabs/amazon-emr-serverless-image-cli). @@ -98 +98 @@ After you install the tool, run the following command to validate an image: -You should see an output similar to the following. +The output appears similar to the following. @@ -131 +131 @@ You should see an output similar to the following. -Push your Amazon ECR image to your Amazon ECR repository with the following commands. Ensure you have the correct IAM permissions to push the image to your repository. For more information, see [Pushing an image](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-push.html) in the _Amazon ECR User Guide_. +Push your Amazon ECR image to your Amazon ECR repository with the following commands. Ensure you have the correct IAM permissions to push the image to your repository. For more information, refer to [Pushing an image](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-push.html) in the _Amazon ECR User Guide_. @@ -232 +232 @@ JSON -As a security best practice, add an `aws:SourceArn` condition key to the repository policy. The IAM global condition key `aws:SourceArn` ensures that EMR Serverless uses the repository only for an application ARN. For more information on Amazon ECR repository policies, see [Creating a private repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html). +As a security best practice, add an `aws:SourceArn` condition key to the repository policy. The IAM global condition key `aws:SourceArn` ensures that EMR Serverless uses the repository only for an application ARN. For more information on Amazon ECR repository policies, refer to [Creating a private repository](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html). @@ -242 +242 @@ When you work with custom images, consider the following: - * You shouldn't modify environment variables `JAVA_HOME`, `SPARK_HOME`, `HIVE_HOME`, `TEZ_HOME` when you create a custom image. + * Do not modify environment variables `JAVA_HOME`, `SPARK_HOME`, `HIVE_HOME`, `TEZ_HOME` when you create a custom image. @@ -246 +246 @@ When you work with custom images, consider the following: - * If you modify binaries or jars in the Amazon EMR base images, it might cause application or job launch failures. + * If you modify binaries or jars in the Amazon EMR base images, this can cause application or job launch failures. @@ -248 +248 @@ When you work with custom images, consider the following: - * The Amazon ECR repository should be in the same AWS Region that you use to launch EMR Serverless applications. + * The Amazon ECR repository must be in the same AWS Region that you use to launch EMR Serverless applications.