AWS emr documentation change
Summary
Minor wording changes (e.g., 'you can use' to 'use', 'See' to 'Refer to') and grammatical improvements. No substantive technical changes to security guidance.
Security assessment
Changes are editorial in nature, clarifying existing security recommendations (like using IAM roles instead of credentials in URLs) but do not introduce new security content or address vulnerabilities.
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/emr-spark-redshift-auth.md b/emr/latest/EMR-Serverless-UserGuide/emr-spark-redshift-auth.md index 8ca340ecf..99c1c4bdd 100644 --- a//emr/latest/EMR-Serverless-UserGuide/emr-spark-redshift-auth.md +++ b//emr/latest/EMR-Serverless-UserGuide/emr-spark-redshift-auth.md @@ -42 +42 @@ If you pass the database credentials in the URL, anyone who has access to the UR -If security isn't a concern for your application, you can use the following format to set the username and password in the JDBC URL: +If security isn't a concern for your application, use the following format to set the username and password in the JDBC URL: @@ -51 +51 @@ Starting with Amazon EMR Serverless release 6.9.0, the Amazon Redshift JDBC driv -Instead, you can specify `jdbc:redshift:iam://` scheme. This commands the JDBC driver to use your EMR Serverless job execution role to fetch the credentials automatically. See [Configure a JDBC or ODBC connection to use IAM credentials](https://docs.aws.amazon.com/redshift/latest/mgmt/generating-iam-credentials-configure-jdbc-odbc.html) in the _Amazon Redshift Management Guide_ for more information. An example of this URL is: +Instead, specify `jdbc:redshift:iam://` scheme. This commands the JDBC driver to use your EMR Serverless job execution role to fetch the credentials automatically. Refer to [Configure a JDBC or ODBC connection to use IAM credentials](https://docs.aws.amazon.com/redshift/latest/mgmt/generating-iam-credentials-configure-jdbc-odbc.html) in the _Amazon Redshift Management Guide_ for more information. An example of this URL is: @@ -67 +67 @@ Permission | Conditions when required for job execution role -When you set up a provisioned Amazon Redshift cluster or Amazon Redshift Serverless workgroup under a VPC, you must configure VPC connectivity for your Amazon EMR Serverless application to access to the resources. For more information on how to configure VPC connectivity on an EMR Serverless application, see [Configuring VPC access for EMR Serverless applications to connect to data](./vpc-access.html). +When you set up a provisioned Amazon Redshift cluster or Amazon Redshift Serverless workgroup under a VPC, configure VPC connectivity for your Amazon EMR Serverless application to access to the resources. For more information on how to configure VPC connectivity on an EMR Serverless application, refer to [Configuring VPC access for EMR Serverless applications to connect to data](./vpc-access.html). @@ -69 +69 @@ When you set up a provisioned Amazon Redshift cluster or Amazon Redshift Serverl - * If your provisioned Amazon Redshift cluster or Amazon Redshift Serverless workgroup is publicly accessible, you can specify one or more private subnets that have a NAT gateway attached when you create EMR Serverless applications. + * If your provisioned Amazon Redshift cluster or Amazon Redshift Serverless workgroup is publicly accessible, specify one or more private subnets that have a NAT gateway attached when you create EMR Serverless applications.