Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Amazon EMR on EKS
These example templates show how Amazon Step Functions generates IAM policies based on the resources in your
state machine definition. For more information, see:
CreateVirtualCluster
Resources
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"emr-containers:CreateVirtualCluster"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "arn:aws:iam::{{accountId}}:role/aws-service-role/emr-containers.amazonaws.com/AnAWSServiceRoleForAmazonEMRContainers",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "emr-containers.amazonaws.com"
}
}
}
]
}
DeleteVirtualCluster
Static resources
- Run a Job (.sync)
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"emr-containers:DeleteVirtualCluster",
"emr-containers:DescribeVirtualCluster"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/[[virtualClusterId]]"
]
}
]
}
- Request Response
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"emr-containers:DeleteVirtualCluster"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/[[virtualClusterId]]"
]
}
]
}
Dynamic resources
- Run a Job (.sync)
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"emr-containers:DeleteVirtualCluster",
"emr-containers:DescribeVirtualCluster"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/*"
]
}
]
}
- Request Response
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"emr-containers:DeleteVirtualCluster"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/*"
]
}
]
}
StartJobRun
Static resources
- Run a Job (.sync)
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "emr-containers:StartJobRun",
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/[[virtualClusterId]]"
],
"Condition": {
"StringEquals": {
"emr-containers:ExecutionRoleArn": [
"[[executionRoleArn]]"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"emr-containers:DescribeJobRun",
"emr-containers:CancelJobRun"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/[[virtualClusterId]]/jobruns/*"
]
}
]
}
- Request Response
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "emr-containers:StartJobRun",
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/[[virtualClusterId]]"
],
"Condition": {
"StringEquals": {
"emr-containers:ExecutionRoleArn": [
"[[executionRoleArn]]"
]
}
}
}
]
}
Dynamic resources
- Run a Job (.sync)
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "emr-containers:StartJobRun",
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/*"
],
"Condition": {
"StringEquals": {
"emr-containers:ExecutionRoleArn": [
"[[executionRoleArn]]"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"emr-containers:DescribeJobRun",
"emr-containers:CancelJobRun"
],
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/*"
]
}
]
}
- Request Response
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "emr-containers:StartJobRun",
"Resource": [
"arn:aws:emr-containers:{{region}}:{{accountId}}:/virtualclusters/*"
],
"Condition": {
"StringEquals": {
"emr-containers:ExecutionRoleArn": [
"[[executionRoleArn]]"
]
}
}
}
]
}