Menu
AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon Elastic MapReduce

Amazon Elastic MapReduce (service prefix: elasticmapreduce) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Amazon Elastic MapReduce

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AddInstanceGroups Adds instance groups to a running cluster

Write

AddJobFlowSteps Adds new steps to a running job flow

Write

AddTags Adds tags to an Amazon EMR resource

Tagging Write

CancelSteps Cancels a pending step or steps in a running cluster

Write

CreateSecurityConfiguration Creates a security configuration which is stored in the service

Write

DeleteSecurityConfiguration Deletes a security configuration

Write

DescribeCluster Provides cluster-level details including status, hardware and software configuration, VPC settings, and so on

Read Write

DescribeSecurityConfiguration Provides the details of a security configuration by returning the configuration JSON

Read Write

DescribeStep Provides more detail about the cluster step

Read Write

ListBootstrapActions Provides information about the bootstrap actions associated with a cluster

List Read Write

ListClusters Provides the status of all clusters visible to this AWS account

List Read Write

ListInstanceGroups Provides all available details about the instance groups in a cluster

List Read Write

ListInstances Provides information about the cluster instances that Amazon EMR provisions on behalf of a user when it creates the cluster

List Read Write

ListSecurityConfigurations Lists all the security configurations visible to this account, providing their creation dates and times, and their names

List Read Write

ListSteps Provides a list of steps for the cluster

List Read Write

ModifyInstanceGroups Modifies the number of nodes and configuration settings of an instance group

Write

PutAutoScalingPolicy Modifies the number of nodes and configuration settings of an instance group

Write

RemoveAutoScalingPolicy Removes an automatic scaling policy from a specified instance group within an EMR cluster

Write

RemoveTags Removes tags from an Amazon EMR resource

Tagging Write

RunJobFlow Creates and starts running a new job flow

Write Tagging

SetTerminationProtection Locks a job flow so the Amazon EC2 instances in the cluster cannot be terminated by user intervention, an API call, or in the event of a job-flow error

Write

SetVisibleToAllUsers Sets whether all AWS Identity and Access Management (IAM) users under your account can access the specified job flows

Write

TerminateJobFlows Shuts a list of job flows down

Write

ViewEventsFromAllClustersInConsole [permission only] Use the console to view events from all clusters in a region

List Read Write

Resources Defined by EMR

EMR has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon Elastic MapReduce

EMR has no service-specific context keys that can be used in the Condition element of policy statements. For the list of the global context keys that are available to all services, see Available Keys for Conditions in the IAM Policy Reference.