AWS Security ChangesHomeSearch

AWS emr documentation change

Service: emr · 2026-04-25 · Documentation medium

File: emr/latest/EMR-Serverless-UserGuide/secrets-manager.md

Summary

Fixed a typo and updated IAM policy example to include Principal block and restructure the statement

Security assessment

The change adds a Principal (Service) block to an IAM policy example for Secrets Manager access, which is a security best practice. The typo fix and restructuring improve clarity but do not address a specific security vulnerability.

Diff

diff --git a/emr/latest/EMR-Serverless-UserGuide/secrets-manager.md b/emr/latest/EMR-Serverless-UserGuide/secrets-manager.md
index 6cfc16ad1..d25883379 100644
--- a//emr/latest/EMR-Serverless-UserGuide/secrets-manager.md
+++ b//emr/latest/EMR-Serverless-UserGuide/secrets-manager.md
@@ -33 +33 @@ The following examples demonstrate how to provide a secret in a configuration cl
-In the examples, replace ``SecretName`` with the name of the secret to retrieve. . For more information, refer to How to create a secret.
+In the examples, replace ``SecretName`` with the name of the secret to retrieve. For more information, refer to How to create a secret.
@@ -149,0 +150 @@ JSON
+          "Sid": "AllowSECRETSMANAGERGetsecretvalue",
@@ -150,0 +152,5 @@ JSON
+          "Principal": {
+            "Service": [
+              "emr-serverless.amazonaws.com"
+            ]
+          },
@@ -162,2 +168 @@ JSON
-          },
-          "Sid": "AllowSECRETSMANAGERGetsecretvalue"
+          }