AWS Security ChangesHomeSearch

AWS emr documentation change

Service: emr · 2026-04-25 · Documentation medium

File: emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md

Summary

Updated IAM trust policy example to include Principal block and restructured the statement

Security assessment

The change adds a Principal (AWS) block to an IAM policy example for cross-account DynamoDB connector, improving security documentation. No evidence of a specific security issue being addressed.

Diff

diff --git a/emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md b/emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md
index d8159f186..80537f3dc 100644
--- a//emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md
+++ b//emr/latest/EMR-Serverless-UserGuide/using-ddb-connector-xaccount.md
@@ -38,0 +39 @@ JSON
+              "Sid": "AllowSTSAssumerole",
@@ -40,5 +41,4 @@ JSON
-              "Action": [
-                "sts:AssumeRole"
-              ],
-              "Resource": "arn:aws:iam::123456789012:role/Job-Execution-Role-A",
-              "Sid": "AllowSTSAssumerole"
+              "Principal": {
+                "AWS": "arn:aws:iam::123456789012:role/Job-Execution-Role-A"
+              },
+              "Action": "sts:AssumeRole"