AWS Security ChangesHomeSearch

AWS emr documentation change

Service: emr · 2025-10-19 · Documentation low

File: emr/latest/EMR-Serverless-UserGuide/getting-started.md

Summary

Restructured IAM role/policy creation steps, separating policy creation from role creation and updating navigation instructions

Security assessment

The changes clarify security configuration steps (IAM policies/roles) but don't address specific vulnerabilities. The update improves documentation of security-related features (IAM permissions) without evidence of patching a security issue.

Diff

diff --git a/emr/latest/EMR-Serverless-UserGuide/getting-started.md b/emr/latest/EMR-Serverless-UserGuide/getting-started.md
index d891d208a..dff890b79 100644
--- a//emr/latest/EMR-Serverless-UserGuide/getting-started.md
+++ b//emr/latest/EMR-Serverless-UserGuide/getting-started.md
@@ -53 +53 @@ Console
-  2. In the left navigation pane, choose **Roles**.
+  2. In the left navigation pane, choose **Policies**.
@@ -55 +55 @@ Console
-  3. Choose **Create role**.
+  3. Choose **Create Policy**.
@@ -57,28 +57 @@ Console
-  4. For role type, choose **Custom trust policy** and paste the following trust policy. This allows jobs submitted to your Amazon EMR Serverless applications to access other AWS services on your behalf.
-
-JSON
-
-JSON
-    
-
-****
-    
-    
-        {
-      "Version":"2012-10-17",		 	 	 
-      "Statement": [
-        {
-          "Effect": "Allow",
-          "Action": [
-            "sts:AssumeRole"
-          ],
-          "Resource": "arn:aws:iam::123456789012:role/EMRServerlessExecutionRole",
-          "Sid": "AllowSTSAssumerole"
-        }
-      ]
-    } 
-    
-
-  5. Choose **Next** to navigate to the **Add permissions** page, then choose **Create policy**.
-
-  6. The **Create policy** page opens on a new tab. Paste the policy JSON below.
+  4. The **Create policy** page opens on a new tab. Select the **Policy editor** as Json and Paste the policy JSON below.
@@ -153 +126,30 @@ JSON
-  7. On the **Review policy** page, enter a name for your policy, such as `EMRServerlessS3AndGlueAccessPolicy`.
+  5. Choose **Next** to enter a name for your policy, such as `EMRServerlessS3AndGlueAccessPolicy` and **Create policy**
+
+  6. In the left navigation pane of IAM console , choose **Roles**.
+
+  7. Choose **Create role**.
+
+  8. For role type, choose **Custom trust policy** and paste the following trust policy. This allows jobs submitted to your Amazon EMR Serverless applications to access other AWS services on your behalf.
+
+JSON
+
+JSON
+    
+
+****
+    
+    
+        {
+      "Version":"2012-10-17",		 	 	 
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "sts:AssumeRole"
+          ],
+          "Resource": "arn:aws:iam::123456789012:role/EMRServerlessExecutionRole",
+          "Sid": "AllowSTSAssumerole"
+        }
+      ]
+    } 
+    
@@ -155 +157 @@ JSON
-  8. Refresh the **Attach permissions policy** page, and choose `EMRServerlessS3AndGlueAccessPolicy`.
+  9. Choose **Next** to navigate to the **Add permissions** page, then choose **EMRServerlessS3AndGlueAccessPolicy**.
@@ -157 +159 @@ JSON
-  9. In the **Name, review, and create** page, for **Role name** , enter a name for your role, for example, `EMRServerlessS3RuntimeRole`. To create this IAM role, choose **Create role**.
+  10. In the **Name, review, and create** page, for **Role name** , enter a name for your role, for example, `EMRServerlessS3RuntimeRole`. To create this IAM role, choose **Create role**.