The ability for users to perform certain actions with Amazon EMR is controlled by IAM policies. IAM policies provide fine-grained control over the level of access and the criteria by which Amazon EMR grants access to IAM users.
At a minimum, an IAM user needs the following permission set in their IAM policy to access the Amazon EMR console:
For more information, see Creating and Listing Groups in Using IAM guide.
To add a permission to a user or group, write
a policy that contains the permission and attach the policy to the
user or group. You cannot specify a specific Amazon EMR resource
in a policy, such as a specific cluster. You can only
Deny access to
Amazon EMR API actions.
In an IAM policy, to specify Amazon EMR actions, the action name must be prefixed with the
elasticmapreduce. You use wildcards to specify all actions
related to Amazon EMR. The wildcard
"*" matches zero or multiple characters.
For a complete list of Amazon EMR actions, see the API action names in the Amazon EMR API Reference. For more information about permissions and policies, see Permissions and Policies in theUsing IAM guide.
Users with permission to use Amazon EMR API actions can create and manage clusters as described elsewhere in this guide. Users must use their own AWS access ID and secret key to authenticate Amazon EMR commands. For more information about creating clusters, see Manage Clusters.