AWS emr documentation change
Summary
Updated title to include read/write operations and added S3A configuration properties including credentials provider and security-related settings
Security assessment
Added WebIdentityTokenFileCredentialsProvider for secure credential handling and disabled fastS3PartitionDiscovery (potential data exposure risk mitigation). No evidence of addressing a specific vulnerability.
Diff
diff --git a/emr/latest/EMR-on-EKS-DevelopmentGuide/upload-data-s3-express.md b/emr/latest/EMR-on-EKS-DevelopmentGuide/upload-data-s3-express.md index 284496491..deb79fd54 100644 --- a//emr/latest/EMR-on-EKS-DevelopmentGuide/upload-data-s3-express.md +++ b//emr/latest/EMR-on-EKS-DevelopmentGuide/upload-data-s3-express.md @@ -7 +7 @@ PrerequisitesGetting started -# Uploading data into Amazon S3 Express One Zone with Amazon EMR on EKS +# Read, Write and Upload data into Amazon S3 Express One Zone with Amazon EMR on EKS @@ -72 +72,11 @@ To change the s3n scheme, specify the following cluster configurations: - "fs.AbstractFileSystem.s3n.impl": "org.apache.hadoop.fs.s3a.S3A" + "fs.AbstractFileSystem.s3n.impl": "org.apache.hadoop.fs.s3a.S3A", + "fs.s3a.endpoint.region": "us-west-2", + "fs.s3a.change.detection.mode": "none", + "fs.s3a.select.enabled": "false" + } + }, + { + "Classification": "spark-defaults", + "Properties": { + "spark.hadoop.fs.s3a.aws.credentials.provider": "software.amazon.awssdk.auth.credentials.WebIdentityTokenFileCredentialsProvider", + "spark.sql.sources.fastS3PartitionDiscovery.enabled": "false"