Amazon EMR
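Management Guide
AWS services or features described in the AWS documentation may vary by region. To see the differences that apply to the China regions, see Getting Started with AWS Services in China.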

Specifying the AWS Service Role

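Each EMR notebook needs permissions to access other AWS resources and perform actions. The notebook's AWS service role defines these permissions. The IAM policies attached to the service role give the cluster permission to interoperate with other AWS services.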

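The default service role for EMR notebooks is EMR_Notebooks_DefaultRole. The default permissions policy attached to this role is the default managed policy EMRNotebooksDefaultRolePolicy. The contents of that policy are listed below: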

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateSecurityGroup",
        "ec2:DescribeSecurityGroups",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:CreateNetworkInterface",
        "ec2:CreateNetworkInterfacePermission",
        "ec2:DeleteNetworkInterface",
        "ec2:DeleteNetworkInterfacePermission",
        "ec2:DescribeNetworkInterfaces",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:DescribeTags",
        "ec2:DescribeInstances",
        "ec2:DescribeSubnets",
        "elasticmapreduce:ListInstances",
        "elasticmapreduce:DescribeCluster"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:CreateTags",
      "Resource": "arn:aws:ec2:*:*:network-interface/*",
      "Condition": {
        "ForAllValues:StringEquals": {
          "aws:TagKeys": [
            "aws:elasticmapreduce:editor-id",
            "aws:elasticmapreduce:job-flow-id"
          ]
        }
      }
    }
  ]
}

The default role also has S3FullAccessPolicy attached. The contents of that policy are as follows:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}
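
One way to review the two policies above for broad grants before attaching them to a notebook service role, shown as an added example that is not AWS code. The `audit` function, its severity labels and the read-only prefix heuristic are assumptions of this example; `NotAction` and `NotResource` are not handled.

```python
import json

# Policy documents copied from this page (EMRNotebooksDefaultRolePolicy, S3FullAccessPolicy).
EMR_NOTEBOOKS_DEFAULT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateSecurityGroup", "ec2:DescribeSecurityGroups",
        "ec2:RevokeSecurityGroupEgress", "ec2:CreateNetworkInterface",
        "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface",
        "ec2:DeleteNetworkInterfacePermission", "ec2:DescribeNetworkInterfaces",
        "ec2:ModifyNetworkInterfaceAttribute", "ec2:DescribeTags",
        "ec2:DescribeInstances", "ec2:DescribeSubnets",
        "elasticmapreduce:ListInstances", "elasticmapreduce:DescribeCluster"]},
    {"Effect": "Allow", "Action": "ec2:CreateTags",
     "Resource": "arn:aws:ec2:*:*:network-interface/*",
     "Condition": {"ForAllValues:StringEquals": {"aws:TagKeys": [
         "aws:elasticmapreduce:editor-id", "aws:elasticmapreduce:job-flow-id"]}}}]}
S3_FULL_ACCESS = json.loads(
    '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":"*"}]}')

# Heuristic (assumption of this example): these name prefixes mean read-only.
READ_ONLY_PREFIXES = ("describe", "list", "get")

def _as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (statement_index, severity, action, reason) for broad Allow grants."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        all_resources = "*" in _as_list(stmt.get("Resource", []))
        unconditioned = not stmt.get("Condition")
        for action in _as_list(stmt.get("Action", [])):
            name = action.partition(":")[2].lower()
            if action == "*" or name == "*":
                sev = "HIGH" if all_resources and unconditioned else "MEDIUM"
                findings.append((idx, sev, action, "wildcard action"))
            elif all_resources and unconditioned and not name.startswith(READ_ONLY_PREFIXES):
                findings.append((idx, "MEDIUM", action, "write action on every resource"))
    return findings

if __name__ == "__main__":
    for label, doc in (("EMRNotebooksDefaultRolePolicy", EMR_NOTEBOOKS_DEFAULT),
                       ("S3FullAccessPolicy", S3_FULL_ACCESS)):
        for finding in audit(doc):
            print(label, *finding)
```

The `ec2:CreateTags` statement produces no finding because it is limited to network-interface ARNs and to the two EMR tag keys, which is the shape a scoped grant takes.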