Menu
Amazon EMR
Management Guide

Launch a Cluster with IAM Roles

The IAM user creating clusters needs permissions to retrieve and assign roles to Amazon EMR and EC2 instances. If the IAM user lacks these permissions, you get the error User account is not authorized to call EC2. You assign the correct role by creating the default roles as discussed in Default IAM Roles for Amazon EMR.

To launch a cluster with IAM roles using the console

  1. Open the Amazon EMR console at https://console.aws.amazon.com/elasticmapreduce/.

  2. Choose Create cluster.

  3. For IAM Roles, choose Default or Custom.

    1. If you choose Default, you can optionally click View policies for default roles.

    2. If you choose Custom, specify the IAM roles using the EMR role and EC2 instance profile fields. For more information, see Create and Use IAM Roles with the Amazon EMR Console

To launch a cluster with IAM roles using the AWS CLI

You can specify an Amazon EMR service role and EC2 instance profile using the AWS CLI. When launching a cluster, type the create-cluster subcommand with the --service-role and --ec2-attributes InstanceProfile parameters.

  • Type the following command to specify an Amazon EMR role and EC2 instance profile when launching a cluster. This example uses the default Amazon EMR role, EMR_DefaultRole, and the default EC2 instance profile, EMR_EC2_DefaultRole.

    Copy
    aws emr create-cluster --name "Test cluster" --release-label emr-4.1.0 --applications Name=Hive Name=Pig --service-role EMR_DefaultRole --ec2-attributes InstanceProfile=EMR_EC2_DefaultRole,KeyName=myKey --instance-type m3.xlarge --instance-count 3

    Alternatively, you can use the --use-default-roles option, which assumes those roles have been created:

    Copy
    aws emr create-cluster --name "Test cluster" --release-label emr-4.1.0 --applications Name=Hive Name=Pig --use-default-roles --ec2-attributes KeyName=myKey --instance-type m3.xlarge --instance-count 3

    Another alternative is to set the service role and the instance profile located in the AWS CLI configuration file. For more information, see Create and Use IAM Roles for Amazon EMR

    Note

    When you specify the instance count without using the --instance-groups parameter, a single master node is launched, and the remaining instances are launched as core nodes. All nodes use the instance type specified in the command.

    For more information, see Amazon EMR commands in the AWS CLI.