AWS Security ChangesHomeSearch

AWS emr documentation change

Service: emr · 2025-12-25 · Documentation low

File: emr/latest/EMR-on-EKS-DevelopmentGuide/upload-data-s3-express.md

Summary

Updated title to include read/write operations and added S3A configuration properties including credentials provider and security-related settings

Security assessment

Added WebIdentityTokenFileCredentialsProvider for secure credential handling and disabled fastS3PartitionDiscovery (potential data exposure risk mitigation). No evidence of addressing a specific vulnerability.

Diff

diff --git a/emr/latest/EMR-on-EKS-DevelopmentGuide/upload-data-s3-express.md b/emr/latest/EMR-on-EKS-DevelopmentGuide/upload-data-s3-express.md
index 284496491..deb79fd54 100644
--- a//emr/latest/EMR-on-EKS-DevelopmentGuide/upload-data-s3-express.md
+++ b//emr/latest/EMR-on-EKS-DevelopmentGuide/upload-data-s3-express.md
@@ -7 +7 @@ PrerequisitesGetting started
-# Uploading data into Amazon S3 Express One Zone with Amazon EMR on EKS
+# Read, Write and Upload data into Amazon S3 Express One Zone with Amazon EMR on EKS
@@ -72 +72,11 @@ To change the s3n scheme, specify the following cluster configurations:
-          "fs.AbstractFileSystem.s3n.impl": "org.apache.hadoop.fs.s3a.S3A"
+          "fs.AbstractFileSystem.s3n.impl": "org.apache.hadoop.fs.s3a.S3A",
+          "fs.s3a.endpoint.region": "us-west-2",
+          "fs.s3a.change.detection.mode": "none",
+          "fs.s3a.select.enabled": "false"
+        }
+      },
+       {
+        "Classification": "spark-defaults",
+        "Properties": {
+          "spark.hadoop.fs.s3a.aws.credentials.provider": "software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider",
+          "spark.sql.sources.fastS3PartitionDiscovery.enabled": "false"