Amazon EMR updates to AWS managed policies

View details about updates to AWS managed policies for Amazon EMR since this service began tracking these changes.

Change	Description	Date
AmazonEMRServicePolicy_v2 – Update to an existing policy	Added `ec2:CreateVpcEndpoint`, `ec2:ModifyVpcEndpoint`, and `ec2:CreateTags` required for optimal experience, starting with Amazon EMR release 7.5.0.	March 4, 2025
AmazonEMRServicePolicy_v2 – Update to an existing policy	Added `elasticmapreduce:CreatePersistentAppUI`, `elasticmapreduce:DescribePersistentAppUI`, and `elasticmapreduce:GetPersistentAppUIPresignedURL`.	February 28, 2025
EMRDescribeClusterPolicyForEMRWAL – New policy	Added a new policy so that Amazon EMR can determine cluster status for WAL cleanup thirty days after cluster termination.	August 10, 2023
AmazonEMRFullAccessPolicy_v2 and AmazonEMRReadOnlyAccessPolicy_v2 – Update to an existing policy	Added `elasticmapreduce:DescribeReleaseLabel` and `elasticmapreduce:GetAutoTerminationPolicy`.	April 21, 2022
AmazonEMRFullAccessPolicy_v2 – Update to an existing policy	Added `ec2:DescribeImages` for Using a custom AMI to provide more flexibility for Amazon EMR cluster configuration.	February 15, 2022
Amazon EMR managed policies	Updated to clarify use of predefined user tags. Added section on using the AWS console to launch clsuters with v2 managed policies.	September 29, 2021
AmazonEMRFullAccessPolicy_v2 – Update to an existing policy	Changed the `PassRoleForAutoScaling` and `PassRoleForEC2` actions to use the `StringLike` condition operator to match `"iam:PassedToService":"application-autoscaling.amazonaws.com"` and `"iam:PassedToService":"ec2.amazonaws.com"`, respectively.	May 20, 2021
AmazonEMRFullAccessPolicy_v2 – Update to an existing policy	Removed invalid action `s3:ListBuckets` and replaced with `s3:ListAllMyBuckets` action. Updated service-linked role (SLR) creation to be explicitly scoped-down to the only SLR that Amazon EMR has with explicit Service Principles. The SLRs that can be created are exactly the same as before this change.	March 23, 2021
AmazonEMRFullAccessPolicy_v2 – New policy	Amazon EMR added new permissions to scope access to resources and to add a prerequisite that users must add predefined user tag to resources before they can use Amazon EMR managed policies. `iam:PassRole` action requires `iam:PassedToService` condition set to specified service. Access to Amazon EC2, Amazon S3, and other services is not allowed by default.	March 11, 2021
AmazonEMRServicePolicy_v2 – New policy	Adds a prerequisite that users must add user tags to resources before they can use this policy.	March 11, 2021
AmazonEMRReadOnlyAccessPolicy_v2 – New policy	Permissions allow only specified elasticmapreduce read-only actions. Access to Amazon S3 is access not allowed by default.	March 11, 2021
Amazon EMR started tracking changes	Amazon EMR started tracking changes for its AWS managed policies.	March 11, 2021

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

EMRDescribeClusterPolicyForEMRWAL

Policies for tag-based access control