AWS emr medium security documentation change
Summary
Changed IAM action from '["sts:AssumeRole", "sts:TagSession"]' to single 'sts:AssumeRole'
Security assessment
Removes unnecessary sts:TagSession permission, reducing potential privilege abuse risks
Diff
diff --git a/emr/latest/ManagementGuide/emr-ranger-iam-ranger.md b/emr/latest/ManagementGuide/emr-ranger-iam-ranger.md index 92ad86a8d..e035fe674 100644 --- a//emr/latest/ManagementGuide/emr-ranger-iam-ranger.md +++ b//emr/latest/ManagementGuide/emr-ranger-iam-ranger.md @@ -83 +83 @@ The IAM role for Apache Ranger is assumed by the EC2 Instance Profile Role. Use - "Action": ["sts:AssumeRole", "sts:TagSession"] + "Action": "sts:AssumeRole"