AWS emr documentation change
Summary
Updated IAM trust policy example to include Principal block and restructured the statement
Security assessment
The change adds a Principal (Service) block to an IAM policy example for service-linked roles, which is a security best practice. No evidence of a specific security vulnerability.
Diff
diff --git a/emr/latest/EMR-Serverless-UserGuide/using-service-linked-roles.md b/emr/latest/EMR-Serverless-UserGuide/using-service-linked-roles.md index 01165c75b..c9a8779f5 100644 --- a//emr/latest/EMR-Serverless-UserGuide/using-service-linked-roles.md +++ b//emr/latest/EMR-Serverless-UserGuide/using-service-linked-roles.md @@ -122,5 +122,6 @@ JSON - "Action": [ - "sts:AssumeRole" - ], - "Resource": "arn:aws:iam::123456789012:role/aws-service-role/emr-serverless.amazonaws.com/AWSServiceRoleForEMRServerless", - "Sid": "AllowSTSAssumerole" + "Principal": { + "Service": [ + "ops.emr-serverless.amazonaws.com" + ] + }, + "Action": "sts:AssumeRole"