Amazon Elastic MapReduce
Developer Guide (API Version 2009-03-31)
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.

Set Access Policies for IAM Users

The ability for users to perform certain actions with Amazon EMR is controlled by IAM policies. IAM policies provide fine-grained control over the level of access and the criteria by which Amazon EMR grants access to IAM users.


At a minimum, an IAM user needs the following permission set in their IAM policy to access the Amazon EMR console:


For more information, see Creating and Listing Groups in Using IAM guide.

To add a permission to a user or group, write a policy that contains the permission and attach the policy to the user or group. You cannot specify a specific Amazon EMR resource in a policy, such as a specific cluster. You can only specify Allow or Deny access to Amazon EMR API actions.

In an IAM policy, to specify Amazon EMR actions, the action name must be prefixed with the lowercase string elasticmapreduce. You use wildcards to specify all actions related to Amazon EMR. The wildcard "*" matches zero or multiple characters.

For a complete list of Amazon EMR actions, see the API action names in the Amazon EMR API Reference. For more information about permissions and policies, see Permissions and Policies in theUsing IAM guide.

Users with permission to use Amazon EMR API actions can create and manage clusters as described elsewhere in this guide. Users must use their own AWS access ID and secret key to authenticate Amazon EMR commands. For more information about creating clusters, see Manage Clusters.