AWS emr documentation change
Summary
Updated IAM trust policy example to include Principal block and restructured the statement
Security assessment
The change adds a Principal (AWS) block to an IAM policy example for cross-account access, improving security documentation. No evidence of a specific security vulnerability.
Diff
diff --git a/emr/latest/EMR-on-EKS-DevelopmentGuide/security-cross-account.md b/emr/latest/EMR-on-EKS-DevelopmentGuide/security-cross-account.md index 63315984b..923d1aefb 100644 --- a//emr/latest/EMR-on-EKS-DevelopmentGuide/security-cross-account.md +++ b//emr/latest/EMR-on-EKS-DevelopmentGuide/security-cross-account.md @@ -115,0 +116 @@ JSON + "Sid": "AllowSTSAssumerole", @@ -117,7 +118,4 @@ JSON - "Action": [ - "sts:AssumeRole" - ], - "Resource": [ - "arn:aws:iam::*:role/Job-Execution-Role-A" - ], - "Sid": "AllowSTSAssumerole" + "Principal": { + "AWS": "arn:aws:iam::123456789012:role/Job-Execution-Role-A" + }, + "Action": "sts:AssumeRole"