AWS emr documentation change
Summary
Updated IAM trust policy examples to include Principal blocks and restructured statements
Security assessment
The change adds Principal (AWS) blocks to IAM policy examples for EMRFS IAM roles, improving security documentation by showing correct trust policy structure. No evidence of a specific security vulnerability.
Diff
diff --git a/emr/latest/ManagementGuide/emr-emrfs-iam-roles.md b/emr/latest/ManagementGuide/emr-emrfs-iam-roles.md index f753fb847..90b275270 100644 --- a//emr/latest/ManagementGuide/emr-emrfs-iam-roles.md +++ b//emr/latest/ManagementGuide/emr-emrfs-iam-roles.md @@ -51,0 +52 @@ JSON + "Sid": "AllowSTSAssumerole", @@ -53,5 +54,4 @@ JSON - "Action": [ - "sts:AssumeRole" - ], - "Resource": "arn:aws:iam::123456789012:role/EMR_EC2_DefaultRole", - "Sid": "AllowSTSAssumerole" + "Principal": { + "AWS": "arn:aws:iam::123456789012:role/EMR_EC2_DefaultRole" + }, + "Action": "sts:AssumeRole" @@ -75,0 +76 @@ JSON + "Sid": "AllowSTSAssumerole", @@ -77,4 +78,2 @@ JSON - "Action": [ - "sts:AssumeRole" - ], - "Resource": [ + "Principal": { + "AWS": [ @@ -83,2 +82,3 @@ JSON - ], - "Sid": "AllowSTSAssumerole" + ] + }, + "Action": "sts:AssumeRole"