AWS emr documentation change
Summary
Restructured IAM role/policy creation steps, separating policy creation from role creation and updating navigation instructions
Security assessment
The changes clarify security configuration steps (IAM policies/roles) but don't address specific vulnerabilities. The update improves documentation of security-related features (IAM permissions) without evidence of patching a security issue.
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/getting-started.md b/emr/latest/EMR-Serverless-UserGuide/getting-started.md index d891d208a..dff890b79 100644 --- a//emr/latest/EMR-Serverless-UserGuide/getting-started.md +++ b//emr/latest/EMR-Serverless-UserGuide/getting-started.md @@ -53 +53 @@ Console - 2. In the left navigation pane, choose **Roles**. + 2. In the left navigation pane, choose **Policies**. @@ -55 +55 @@ Console - 3. Choose **Create role**. + 3. Choose **Create Policy**. @@ -57,28 +57 @@ Console - 4. For role type, choose **Custom trust policy** and paste the following trust policy. This allows jobs submitted to your Amazon EMR Serverless applications to access other AWS services on your behalf. - -JSON - -JSON - - -**** - - - { - "Version":"2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "sts:AssumeRole" - ], - "Resource": "arn:aws:iam::123456789012:role/EMRServerlessExecutionRole", - "Sid": "AllowSTSAssumerole" - } - ] - } - - - 5. Choose **Next** to navigate to the **Add permissions** page, then choose **Create policy**. - - 6. The **Create policy** page opens on a new tab. Paste the policy JSON below. + 4. The **Create policy** page opens on a new tab. Select the **Policy editor** as Json and Paste the policy JSON below. @@ -153 +126,30 @@ JSON - 7. On the **Review policy** page, enter a name for your policy, such as `EMRServerlessS3AndGlueAccessPolicy`. + 5. Choose **Next** to enter a name for your policy, such as `EMRServerlessS3AndGlueAccessPolicy` and **Create policy** + + 6. In the left navigation pane of IAM console , choose **Roles**. + + 7. Choose **Create role**. + + 8. For role type, choose **Custom trust policy** and paste the following trust policy. This allows jobs submitted to your Amazon EMR Serverless applications to access other AWS services on your behalf. + +JSON + +JSON + + +**** + + + { + "Version":"2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "sts:AssumeRole" + ], + "Resource": "arn:aws:iam::123456789012:role/EMRServerlessExecutionRole", + "Sid": "AllowSTSAssumerole" + } + ] + } + @@ -155 +157 @@ JSON - 8. Refresh the **Attach permissions policy** page, and choose `EMRServerlessS3AndGlueAccessPolicy`. + 9. Choose **Next** to navigate to the **Add permissions** page, then choose **EMRServerlessS3AndGlueAccessPolicy**. @@ -157 +159 @@ JSON - 9. In the **Name, review, and create** page, for **Role name** , enter a name for your role, for example, `EMRServerlessS3RuntimeRole`. To create this IAM role, choose **Create role**. + 10. In the **Name, review, and create** page, for **Role name** , enter a name for your role, for example, `EMRServerlessS3RuntimeRole`. To create this IAM role, choose **Create role**.