AWS emr documentation change
Summary
Removed a KMS policy example granting Decrypt, Encrypt, and GenerateDataKey permissions
Security assessment
While KMS permissions are security-related, the removal of this example does not explicitly indicate a security fix. It may reflect updated service requirements or documentation streamlining without evidence of addressing a specific vulnerability.
Diff
diff --git a/emr/latest/ReleaseGuide/emr-hive-metastore-glue.md b/emr/latest/ReleaseGuide/emr-hive-metastore-glue.md index 1113aa1bb..9c4c534cf 100644 --- a//emr/latest/ReleaseGuide/emr-hive-metastore-glue.md +++ b//emr/latest/ReleaseGuide/emr-hive-metastore-glue.md @@ -121,18 +120,0 @@ Otherwise, you must add the following statement to the permissions policy attach - - [ - { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey" - ], - "Resource": "arn:aws:kms:region:acct-id:key/12345678-1234-1234-1234-123456789012" - } - ] - } - ] -