AWS emr documentation change
Summary
Updated IAM trust policy example to include Principal block and restructured the statement
Security assessment
The change adds a Principal (AWS) block to an IAM policy example for cross-account DynamoDB connector, improving security documentation. No evidence of a specific security issue being addressed.
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md b/emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md index d8159f186..80537f3dc 100644 --- a//emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md +++ b//emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md @@ -38,0 +39 @@ JSON + "Sid": "AllowSTSAssumerole", @@ -40,5 +41,4 @@ JSON - "Action": [ - "sts:AssumeRole" - ], - "Resource": "arn:aws:iam::123456789012:role/Job-Execution-Role-A", - "Sid": "AllowSTSAssumerole" + "Principal": { + "AWS": "arn:aws:iam::123456789012:role/Job-Execution-Role-A" + }, + "Action": "sts:AssumeRole"