|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
In the IAM console, you can select an Amazon EMR policy template to set IAM account permissions for access to Amazon EMR. Or you can create a custom policy using the following examples as guidelines. Amazon EMR provides the following policy templates:
Amazon Elastic MapReduce Full Access—Provides access to all Amazon EMR functionality.
Amazon Elastic MapReduce Read Only Access—Provides access to view details and debugging information about clusters.
For more information, go to Creating and Listing Groups in Using IAM.
To add a permission to a user or group, write
a policy that contains the permission and attach the policy to the
user or group. You cannot specify a specific Amazon EMR resource
in a policy, such as a specific cluster. You can only
Deny access to
Amazon EMR API actions.
In an IAM policy, to specify Amazon EMR actions, the action
name must be prefixed with the lowercase string
elasticmapreduce. You use wildcards to specify all actions
related to Amazon EMR. The wildcard
"*" matches zero
or multiple characters.
For a complete list of Amazon EMR actions, refer to the API action names in the Amazon EMR API Reference. For more information about permissions and policies go to Permissions and Policies in the Using AWS Identity and Access Management guide.
Users with permission to use Amazon EMR API actions can create and manage clusters as described elsewhere in this guide. Users must use their own AWS Access ID and secret key to authenticate Amazon EMR commands. For more information about creating clusters, go to Manage Clusters.