用于只读访问的 IAM 托管式策略(v2 托管默认策略)。
要向 Amazon EMR 授予只读权限,可附加 AmazonEMRReadOnlyAccessPolicy_v2 托管式策略。此默认托管式策略将替换 AmazonElasticMapReduceReadOnlyAccess 托管式策略。下面的代码段显示了此策略声明的内容。与 AmazonElasticMapReduceReadOnlyAccess 策略相比,AmazonEMRReadOnlyAccessPolicy_v2 策略不使用 elasticmapreduce 元素的通配符。相反,默认的 v2 策略限定了允许的 elasticmapreduce 操作范围。
注意
您还可以使用Amazon Web Services Management Console链接 AmazonEMRReadOnlyAccessPolicy_v2
{ "Version": "2012-10-17", "Statement": [ { "Sid": "ElasticMapReduceActions", "Effect": "Allow", "Action": [ "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeEditor", "elasticmapreduce:DescribeJobFlows", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:DescribeReleaseLabel", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:GetAutoTerminationPolicy", "elasticmapreduce:ListBootstrapActions", "elasticmapreduce:ListClusters", "elasticmapreduce:ListEditors", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "elasticmapreduce:ListSupportedInstanceTypes", "elasticmapreduce:ViewEventsFromAllClustersInConsole" ], "Resource": "*" }, { "Sid": "ViewMetricsInEMRConsole", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricStatistics" ], "Resource": "*" } ] }