EMR Studio 用户的 Amazon Identity and Access Management 权限 - Amazon EMR
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 Amazon Web Services 服务入门

EMR Studio 用户的 Amazon Identity and Access Management 权限

下表包括用户可能执行的每个 Amazon EMR Studio 运营,并列出了执行该运营所需的最低 IAM 操作。您允许在 IAM 权限策略(当您使用 IAM 身份验证时)或会话策略(当您使用 Amazon Web Services SSO 身份验证时)中执行这些针对 EMR Studio 的操作。

该表还显示了 EMR Studio 的每个示例权限策略中允许的运营。有关示例权限策略的更多信息,请参阅 为 EMR Studio 用户创建权限策略

操作 基本 中间 Advanced 关联操作
创建和删除 Workspaces
"elasticmapreduce:CreateEditor", "elasticmapreduce:DescribeEditor", "elasticmapreduce:ListEditors", "elasticmapreduce:DeleteEditor"
创建新 EMR 集群时查看与 Studio 相同账户中的 Amazon S3 Control 存储存储桶列表,并在使用 Web UI 调试应用程序时访问容器日志
"s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject"
访问 Workspaces
"elasticmapreduce:DescribeEditor", "elasticmapreduce:ListEditors", "elasticmapreduce:StartEditor", "elasticmapreduce:StopEditor", "elasticmapreduce:OpenEditorInConsole"
附加或分离与 Workspace 关联的现有 Amazon EMR 集群
"elasticmapreduce:AttachEditor", "elasticmapreduce:DetachEditor", "elasticmapreduce:ListClusters", "elasticmapreduce:DescribeCluster", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListBootstrapActions"
附加或分离 Amazon EMR on EKS 集群
"elasticmapreduce:AttachEditor", "elasticmapreduce:DetachEditor", "emr-containers:ListVirtualClusters", "emr-containers:DescribeVirtualCluster", "emr-containers:ListManagedEndpoints", "emr-containers:DescribeManagedEndpoint", "emr-containers:CreateAccessTokenForManagedEndpoint"
使用持久的应用程序用户界面调试 Amazon EMR on EC2 任务
"elasticmapreduce:CreatePersistentAppUI", "elasticmapreduce:DescribePersistentAppUI", "elasticmapreduce:GetPersistentAppUIPresignedURL", "elasticmapreduce:ListClusters", "elasticmapreduce:ListSteps", "elasticmapreduce:DescribeCluster", "s3:ListBucket", "s3:GetObject"
使用集群上应用程序用户界面调试 Amazon EMR on EC2 任务
"elasticmapreduce:GetOnClusterAppUIPresignedURL"
使用 Spark 历史记录服务器调试 Amazon EMR on EKS 任务运行
"elasticmapreduce:CreatePersistentAppUI", "elasticmapreduce:DescribePersistentAppUI", "elasticmapreduce:GetPersistentAppUIPresignedURL", "emr-containers:ListVirtualClusters", "emr-containers:DescribeVirtualCluster", "emr-containers:ListJobRuns", "emr-containers:DescribeJobRun", "s3:ListBucket", "s3:GetObject"
创建和删除 Git 存储库
"elasticmapreduce:CreateRepository", "elasticmapreduce:DeleteRepository", "elasticmapreduce:ListRepositories", "elasticmapreduce:DescribeRepository", "secretsmanager:CreateSecret", "secretsmanager:ListSecrets", "secretsmanager:TagResource"
链接和取消链接 Git 存储库
"elasticmapreduce:LinkRepository", "elasticmapreduce:UnlinkRepository", "elasticmapreduce:ListRepositories", "elasticmapreduce:DescribeRepository"
根据预定义的集群模板创建新集群
"servicecatalog:SearchProducts", "servicecatalog:DescribeProduct", "servicecatalog:DescribeProductView", "servicecatalog:DescribeProvisioningParameters", "servicecatalog:ProvisionProduct", "servicecatalog:UpdateProvisionedProduct", "servicecatalog:ListProvisioningArtifacts", "servicecatalog:DescribeRecord", "servicecatalog:ListLaunchPaths", "cloudformation:DescribeStackResources", "elasticmapreduce:ListClusters", "elasticmapreduce:DescribeCluster"
通过提供集群配置创建新的集群
"elasticmapreduce:RunJobFlow", "iam:PassRole", "elasticmapreduce:ListClusters", "elasticmapreduce:DescribeCluster"