AWS Security ChangesHomeSearch

AWS emr documentation change

Service: emr · 2026-03-19 · Documentation medium

File: emr/latest/ReleaseGuide/spark-troubleshooting-agent-troubleshooting.md

Summary

Added documentation about data handling for Spark Troubleshooting Agent, explaining PII masking and cross-region inference behavior

Security assessment

The change adds security documentation about data privacy (PII masking) and data residency, but there's no evidence it addresses a specific security vulnerability. It's informational documentation about security features.

Diff

diff --git a/emr/latest/ReleaseGuide/spark-troubleshooting-agent-troubleshooting.md b/emr/latest/ReleaseGuide/spark-troubleshooting-agent-troubleshooting.md
index 817b54cea..a9b4bc14d 100644
--- a//emr/latest/ReleaseGuide/spark-troubleshooting-agent-troubleshooting.md
+++ b//emr/latest/ReleaseGuide/spark-troubleshooting-agent-troubleshooting.md
@@ -94,0 +95,4 @@ Please refer to [Prompt Examples](./spark-troubleshooting-agent-prompt-examples.
+### 3\. What data is transmitted to the LLM and how is it handled?
+
+Customer data and files remain within your chosen AWS Region and are not transmitted cross-region. When the agent operates in a Region that uses global cross-region inference from Amazon Bedrock, the service may route requests to the nearest Region with available capacity depending on demand. In such cases, only extracted metadata from customer logs and processed inference results are transmitted, not the underlying customer data or files. All data is PII-masked before it is sent to the LLM for processing, whether the inference occurs within the same Region or is routed to another Region. For more details on how cross-region inference works and which Regions are affected, see [Cross-Region Processing for the Apache Spark Troubleshooting Agent](./spark-troubleshooting-cross-region-processing.html).
+