Amazon EMR updates to Amazon managed policies - Amazon EMR
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon EMR updates to Amazon managed policies

View details about updates to Amazon managed policies for Amazon EMR since this service began tracking these changes.

Change Description Date
EMRDescribeClusterPolicyForEMRWAL – New policy Added a new policy so that Amazon EMR can determine cluster status for WAL cleanup thirty days after cluster termination. August 10, 2023
AmazonEMRFullAccessPolicy_v2 and AmazonEMRReadOnlyAccessPolicy_v2 – Update to an existing policy Added elasticmapreduce:DescribeReleaseLabel and elasticmapreduce:GetAutoTerminationPolicy. April 21, 2022
AmazonEMRFullAccessPolicy_v2 – Update to an existing policy Added ec2:DescribeImages for Using a custom AMI. February 15, 2022

Amazon EMR managed policies

Updated to clarify use of predefined user tags.

Added section on using the Amazon console to launch clsuters with v2 managed policies.

 September 29, 2021

AmazonEMRFullAccessPolicy_v2 – Update to an existing policy

 Changed the PassRoleForAutoScaling and PassRoleForEC2 actions to use the StringLike condition operator to match "iam:PassedToService":"application-autoscaling.amazonaws.com*" and "iam:PassedToService":"ec2.amazonaws.com*", respectively. May 20, 2021

AmazonEMRFullAccessPolicy_v2 – Update to an existing policy

Removed invalid action s3:ListBuckets and replaced with s3:ListAllMyBuckets action.

Updated service-linked role (SLR) creation to be explicitly scoped-down to the only SLR that Amazon EMR has with explicit Service Principles. The SLRs that can be created are exactly the same as before this change.

 March 23, 2021

AmazonEMRFullAccessPolicy_v2 – New policy

Amazon EMR added new permissions to scope access to resources and to add a prerequisite that users must add predefined user tag to resources before they can use Amazon EMR managed policies.

iam:PassRole action requires iam:PassedToService condition set to specified service. Access to Amazon EC2, Amazon S3, and other services is not allowed by default.

March 11, 2021
AmazonEMRServicePolicy_v2 – New policy

Adds a prerequisite that users must add user tags to resources before they can use this policy.

 March 11, 2021
AmazonEMRReadOnlyAccessPolicy_v2 – New policy

Permissions allow only specified elasticmapreduce read-only actions. Access to Amazon S3 is access not allowed by default.

 March 11, 2021

Amazon EMR started tracking changes

Amazon EMR started tracking changes for its Amazon managed policies.

 March 11, 2021