Create an EMR cluster that uses Amazon CloudWatch agent
The procedures in this section describe the steps to create a cluster in Amazon EMR with Amazon CloudWatch agent from the Amazon Web Services Management Console and the Amazon CLI.
Topics
Required IAM permissions for CloudWatch agent
The CloudWatch agent requires the Amazon Identity and Access Management (IAM) cloudwatch:PutMetricData
permission in the Amazon EC2 instance profile for Amazon EMR. The Amazon EMR default role already
has this permission. You can create the default role from the Amazon CLI with aws
emr create-default-roles
. For more information, see Service role for cluster EC2 instances (EC2 instance profile) in the
Amazon EMR Management Guide.
The following example IAM policy includes the
cloudwatch:PutMetricData
permission:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "cloudwatch:PutMetricData", "Resource": "*" } ] }
Required CloudWatch agent endpoint
To publish metrics to CloudWatch for an EMR cluster in a private subnet, create a CloudWatch agent endpoint and associate with the VPC that the private subnet is in.
For more information about the CloudWatch endpoints for each Amazon Web Services Region, see Amazon CloudWatch endpoints and quotas in the Amazon General Reference Guide.
Create an EMR cluster
Once you have set up the required permissions and endpoint for use with the CloudWatch agent, use the Amazon Web Services Management Console or the Amazon CLI to create a new cluster with the agent installed.