AWS emr documentation change
Summary
Wording changes in log encryption documentation including 'must' to 'give' and 'recommend' to 'suggest' in security best practice guidance
Security assessment
Changes are linguistic adjustments to existing security documentation without introducing new security features or addressing specific vulnerabilities. The KMS key policy recommendations remain substantively unchanged.
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/jobs-log-encryption.md b/emr/latest/EMR-Serverless-UserGuide/jobs-log-encryption.md index b15a40bcb..f4d09d192 100644 --- a//emr/latest/EMR-Serverless-UserGuide/jobs-log-encryption.md +++ b//emr/latest/EMR-Serverless-UserGuide/jobs-log-encryption.md @@ -113 +113 @@ JSON -To launch the Spark or Tez UI, you must give your users, groups, or roles permissions to access the `emr-serverless:GetDashboardForJobRun` API as follows: +To launch the Spark or Tez UI, give your users, groups, or roles permissions to access the `emr-serverless:GetDashboardForJobRun` API as follows: @@ -141 +141 @@ JSON -When you encrypt logs with your own encryption key either in managed storage or in your S3 buckets, you must configure KMS key permissions as follows. +When you encrypt logs with your own encryption key either in managed storage or in your S3 buckets, configure KMS key permissions as follows. @@ -163 +163 @@ The `emr-serverless.amazonaws.com` principal must have the following permissions -As a security best practice, we recommend that you add an `aws:SourceArn` condition key to the KMS key policy. The IAM global condition key `aws:SourceArn` helps ensure that EMR Serverless uses the KMS key only for an application ARN. +As a security best practice, we suggest that you add an `aws:SourceArn` condition key to the KMS key policy. The IAM global condition key `aws:SourceArn` helps ensure that EMR Serverless uses the KMS key only for an application ARN.