用于只读访问的 IAM 托管策略(v2 托管默认策略)。 - Amazon EMR
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 Amazon Web Services 服务入门

用于只读访问的 IAM 托管策略(v2 托管默认策略)。

要向 Amazon EMR 授予只读权限,可附加 AmazonEMRReadOnlyAccessPolicy_v2 托管策略。此默认托管策略将替换 AmazonElasticMapReduceReadOnlyAccess 托管策略。下面的代码段显示了此策略声明的内容。与 AmazonElasticMapReduceReadOnlyAccess 策略相比,AmazonEMRReadOnlyAccessPolicy_v2 策略不使用 elasticmapreduce 元素的通配符。相反,默认的 v2 策略限定了允许的特定 elasticmapreduce 操作。

注意

您还可以使用Amazon Web Services Management Console链接 AmazonEMRReadOnlyAccessPolicy_v2 查看该策略。

{ "Version": "2012-10-17", "Statement": [ { "Sid": "ElasticMapReduceActions", "Action": [ "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeEditor", "elasticmapreduce:DescribeJobFlows", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:ListBootstrapActions", "elasticmapreduce:ListClusters", "elasticmapreduce:ListEditors", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "elasticmapreduce:ViewEventsFromAllClustersInConsole" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "ViewMetricsInEMRConsole", "Action": [ "cloudwatch:GetMetricStatistics" ], "Effect": "Allow", "Resource": "*" } ] }