This release adds the capability for users to specify an optional Execution IAM policy in the StartJobRun action. The resulting permissions assumed by the job run is the intersection of the permissions in the Execution Role and the specified Execution IAM Policy.

Author: aws-sdk-dotnet-automation

generator/ServiceModels/emr-serverless/emr-serverless-2021-07-13.api.json

@@ -24,8 +24,8 @@
       "output":{"shape":"CancelJobRunResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
       ],
       "idempotent":true
     },
@@ -40,8 +40,8 @@
       "output":{"shape":"CreateApplicationResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
         {"shape":"ConflictException"}
       ],
       "idempotent":true
@@ -57,8 +57,8 @@
       "output":{"shape":"DeleteApplicationResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
       ],
       "idempotent":true
     },
@@ -73,8 +73,8 @@
       "output":{"shape":"GetApplicationResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
       ]
     },
     "GetDashboardForJobRun":{
@@ -103,8 +103,8 @@
       "output":{"shape":"GetJobRunResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
       ]
     },
     "ListApplications":{
@@ -132,8 +132,8 @@
       "output":{"shape":"ListJobRunAttemptsResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
       ]
     },
     "ListJobRuns":{
@@ -161,8 +161,8 @@
       "output":{"shape":"ListTagsForResourceResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
       ]
     },
     "StartApplication":{
@@ -176,8 +176,8 @@
       "output":{"shape":"StartApplicationResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
         {"shape":"ServiceQuotaExceededException"}
       ],
       "idempotent":true
@@ -210,8 +210,8 @@
       "output":{"shape":"StopApplicationResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
       ],
       "idempotent":true
     },
@@ -226,8 +226,8 @@
       "output":{"shape":"TagResourceResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
       ]
     },
     "UntagResource":{
@@ -241,8 +241,8 @@
       "output":{"shape":"UntagResourceResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
       ],
       "idempotent":true
     },
@@ -257,8 +257,8 @@
       "output":{"shape":"UpdateApplicationResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
       ]
     }
   },
@@ -370,6 +370,12 @@
         "X86_64"
       ]
     },
+    "Arn":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"([    -~… -퟿-�က0-ჿFF]+)"
+    },
     "AttemptNumber":{
       "type":"integer",
       "box":true,
@@ -876,6 +882,13 @@
       "type":"list",
       "member":{"shape":"JobRunAttemptSummary"}
     },
+    "JobRunExecutionIamPolicy":{
+      "type":"structure",
+      "members":{
+        "policy":{"shape":"PolicyDocument"},
+        "policyArns":{"shape":"PolicyArnList"}
+      }
+    },
     "JobRunId":{
       "type":"string",
       "max":64,
@@ -1178,6 +1191,18 @@
       "min":1,
       "pattern":"[A-Za-z0-9_=-]+"
     },
+    "PolicyArnList":{
+      "type":"list",
+      "member":{"shape":"Arn"},
+      "max":10,
+      "min":0
+    },
+    "PolicyDocument":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"([    -ÿ]+)"
+    },
     "PrometheusMonitoringConfiguration":{
       "type":"structure",
       "members":{
@@ -1343,6 +1368,7 @@
           "idempotencyToken":true
         },
         "executionRoleArn":{"shape":"IAMRoleArn"},
+        "executionIamPolicy":{"shape":"JobRunExecutionIamPolicy"},
         "jobDriver":{"shape":"JobDriver"},
         "configurationOverrides":{"shape":"ConfigurationOverrides"},
         "tags":{"shape":"TagMap"},

generator/ServiceModels/emr-serverless/emr-serverless-2021-07-13.docs.json

@@ -103,6 +103,12 @@
         "UpdateApplicationRequest$architecture": "<p>The CPU architecture of an application.</p>"
       }
     },
+    "Arn": {
+      "base": null,
+      "refs": {
+        "PolicyArnList$member": null
+      }
+    },
     "AttemptNumber": {
       "base": null,
       "refs": {
@@ -482,6 +488,12 @@
         "ListJobRunAttemptsResponse$jobRunAttempts": "<p>The array of the listed job run attempt objects.</p>"
       }
     },
+    "JobRunExecutionIamPolicy": {
+      "base": "<p>Optional IAM policy. The resulting job IAM role permissions will be an intersection of the policies passed and the policy associated with your job execution role.</p>",
+      "refs": {
+        "StartJobRunRequest$executionIamPolicy": "<p>You can pass an optional IAM policy. The resulting job IAM role permissions will be an intersection of this policy and the policy associated with your job execution role.</p>"
+      }
+    },
     "JobRunId": {
       "base": null,
       "refs": {
@@ -684,6 +696,18 @@
         "ListJobRunsResponse$nextToken": "<p>The output displays the token for the next set of job run results. This is required for pagination and is available as a response of the previous request.</p>"
       }
     },
+    "PolicyArnList": {
+      "base": null,
+      "refs": {
+        "JobRunExecutionIamPolicy$policyArns": "<p>A list of Amazon Resource Names (ARNs) to use as an execution IAM policy.</p>"
+      }
+    },
+    "PolicyDocument": {
+      "base": null,
+      "refs": {
+        "JobRunExecutionIamPolicy$policy": "<p>An IAM inline policy to use as an execution IAM policy.</p>"
+      }
+    },
     "PrometheusMonitoringConfiguration": {
       "base": "<p>The monitoring configuration object you can configure to send metrics to Amazon Managed Service for Prometheus for a job run.</p>",
       "refs": {