AWS Security ChangesHomeSearch

AWS emr documentation change

Service: emr · 2026-04-25 · Documentation medium

File: emr/latest/EMR-Serverless-UserGuide/using-service-linked-roles.md

Summary

Updated IAM trust policy example to include Principal block and restructured the statement

Security assessment

The change adds a Principal (Service) block to an IAM policy example for service-linked roles, which is a security best practice. No evidence of a specific security vulnerability.

Diff

diff --git a/emr/latest/EMR-Serverless-UserGuide/using-service-linked-roles.md b/emr/latest/EMR-Serverless-UserGuide/using-service-linked-roles.md
index 01165c75b..c9a8779f5 100644
--- a//emr/latest/EMR-Serverless-UserGuide/using-service-linked-roles.md
+++ b//emr/latest/EMR-Serverless-UserGuide/using-service-linked-roles.md
@@ -122,5 +122,6 @@ JSON
-          "Action": [
-            "sts:AssumeRole"
-          ],
-          "Resource": "arn:aws:iam::123456789012:role/aws-service-role/emr-serverless.amazonaws.com/AWSServiceRoleForEMRServerless",
-          "Sid": "AllowSTSAssumerole"
+          "Principal": {
+            "Service": [
+              "ops.emr-serverless.amazonaws.com"
+            ]
+          },
+          "Action": "sts:AssumeRole"