AWS emr documentation change
Summary
Replaced 'recommend' with 'suggest' in multiple security-related best practice statements (SSL, Secrets Manager, IAM roles, blocking public access, audit logging, encryption).
Security assessment
The changes soften the language of existing security recommendations but do not remove or alter the actual security practices (SSL, encryption, access controls). The documentation still adds security guidance, though the wording is less authoritative. No evidence of addressing a specific vulnerability.
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/emr-spark-redshift-considerations.md b/emr/latest/EMR-Serverless-UserGuide/emr-spark-redshift-considerations.md index dce707434..2159cf2ba 100644 --- a//emr/latest/EMR-Serverless-UserGuide/emr-spark-redshift-considerations.md +++ b//emr/latest/EMR-Serverless-UserGuide/emr-spark-redshift-considerations.md @@ -7 +7 @@ - * We recommend that you turn on SSL for the JDBC connection from Spark on Amazon EMR to Amazon Redshift. + * We suggest that you turn on SSL for the JDBC connection from Spark on Amazon EMR to Amazon Redshift. @@ -9 +9 @@ - * We recommend that you manage the credentials for the Amazon Redshift cluster in AWS Secrets Manager as a best practice. See [Using AWS Secrets Manager to retrieve credentials for connecting to Amazon Redshift](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-secrets-manager-integration.html) for an example. + * We suggest that you manage the credentials for the Amazon Redshift cluster in AWS Secrets Manager as a best practice. Refer to [Using AWS Secrets Manager to retrieve credentials for connecting to Amazon Redshift](https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-secrets-manager-integration.html) for an example. @@ -11 +11 @@ - * We recommend that you pass an IAM role with the parameter `aws_iam_role` for the Amazon Redshift authentication parameter. + * We suggest that you pass an IAM role with the parameter `aws_iam_role` for the Amazon Redshift authentication parameter. @@ -19 +19 @@ - * We recommend that you block public access to the Amazon Redshift cluster. + * We suggest that you block public access to the Amazon Redshift cluster. @@ -21 +21 @@ - * We recommend that you turn on [Amazon Redshift audit logging](https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html). + * We suggest that you turn on [Amazon Redshift audit logging](https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html). @@ -23 +23 @@ - * We recommend that you turn on [Amazon Redshift at-rest encryption](https://docs.aws.amazon.com/redshift/latest/mgmt/security-server-side-encryption.html). + * We suggest that you turn on [Amazon Redshift at-rest encryption](https://docs.aws.amazon.com/redshift/latest/mgmt/security-server-side-encryption.html). @@ -27 +27 @@ - * We recommend that you [block public access to Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html). + * We suggest that you [block public access to Amazon S3 buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html). @@ -29 +29 @@ - * We recommend that you use [Amazon S3 server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html) to encrypt the Amazon S3 buckets used. + * We suggest that you use [Amazon S3 server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html) to encrypt the Amazon S3 buckets used. @@ -31 +31 @@ - * We recommend that you use [Amazon S3 lifecycle policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) to define the retention rules for the Amazon S3 bucket. + * We suggest that you use [Amazon S3 lifecycle policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html) to define the retention rules for the Amazon S3 bucket.