Amazon EMR
Management Guide

Minimum Amazon S3 Policy for Private Subnets

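For private subnets, you must at a minimum give Amazon EMR the ability to access the Amazon Linux repositories and the Amazon EMR service support log buckets. The following policy provides these permissions. Replace MyRegion with the Region where your log bucket resides, for example us-east-1.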

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AmazonLinuxAMIRepositoryAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::packages.*.amazonaws.com/*",
                "arn:aws:s3:::repo.*.amazonaws.com/*"
            ]
        },
        {
            "Sid": "AccessToEMRLogBucketsForSupport",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:Put*",
                "s3:Get*",
                "s3:Create*",
                "s3:Abort*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::aws157-logs-prod-MyRegion/*",
                "arn:aws:s3:::aws157-logs-prod/*"
            ]
        }
    ]
}
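The following Python sketch is an added example, not part of the AWS guide. It builds the policy above for a validated Region name (so the MyRegion placeholder cannot slip through) and checks whether a tightened policy still allows the access this page requires. The function names, the sample object key, and the concrete bucket names derived from the page's wildcard patterns are assumptions; only Action, Resource and Effect are evaluated, not Principal or Condition.

```python
import re

REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d+")  # e.g. us-east-1, us-gov-west-1

def minimum_policy(region):
    """Return the page's policy with MyRegion replaced by a validated Region name."""
    if not REGION_RE.fullmatch(region):
        raise ValueError(f"not a Region name: {region!r}")
    return {
        "Version": "2008-10-17",
        "Statement": [
            {"Sid": "AmazonLinuxAMIRepositoryAccess", "Effect": "Allow",
             "Principal": "*", "Action": "s3:GetObject",
             "Resource": ["arn:aws:s3:::packages.*.amazonaws.com/*",
                          "arn:aws:s3:::repo.*.amazonaws.com/*"]},
            {"Sid": "AccessToEMRLogBucketsForSupport", "Effect": "Allow",
             "Principal": "*",
             "Action": ["s3:Put*", "s3:Get*", "s3:Create*", "s3:Abort*", "s3:List*"],
             "Resource": [f"arn:aws:s3:::aws157-logs-prod-{region}/*",
                          "arn:aws:s3:::aws157-logs-prod/*"]},
        ],
    }

def matches(patterns, value, ignore_case=False):
    """IAM-style wildcard match: * is any run of characters, ? is one character."""
    if isinstance(patterns, str):
        patterns = [patterns]
    flags = re.IGNORECASE if ignore_case else 0
    return any(
        re.fullmatch(re.escape(p).replace(r"\*", ".*").replace(r"\?", "."), value, flags)
        for p in patterns)

def allows(policy, action, resource):
    """True if an Allow statement covers the request and no Deny statement does."""
    allowed = False
    for st in policy["Statement"]:
        if (matches(st.get("Action", []), action, ignore_case=True)
                and matches(st.get("Resource", []), resource)):
            if st["Effect"] == "Deny":
                return False  # an explicit Deny always wins
            allowed = True
    return allowed

def missing_access(policy, region):
    """Constructed sample requests (per the page's patterns) that the policy rejects."""
    key = "sample-key"  # constructed object key
    samples = [
        ("s3:GetObject", f"arn:aws:s3:::packages.{region}.amazonaws.com/{key}"),
        ("s3:GetObject", f"arn:aws:s3:::repo.{region}.amazonaws.com/{key}"),
        ("s3:PutObject", f"arn:aws:s3:::aws157-logs-prod-{region}/{key}"),
        ("s3:AbortMultipartUpload", f"arn:aws:s3:::aws157-logs-prod-{region}/{key}"),
    ]
    return [s for s in samples if not allows(policy, *s)]
```

An empty list from `missing_access` means the candidate policy still covers the sample repository and log-bucket requests; any entries returned are the requests it would block.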