Menu
Amazon EMR
Management Guide

Default IAM Roles for Amazon EMR

To simplify using IAM roles, Amazon EMR has two predefined roles, and two default managed policies, which you can attach by default when creating a cluster:

  • For the Amazon EMR service role, the EMR_DefaultRole role is attached to the AmazonElasticMapReduceRole managed policy.

  • For the Amazon EMR instance profile for Amazon EC2, the EMR_EC2_DefaultRole role is attached to the AmazonElasticMapReduceforEC2Role managed policy.

Note

In addition to these default roles, if you use automatic scaling with Amazon EMR, the feature must have permissions to add and terminate clusters on your behalf. A default role, EMR_AutoScaling_DefaultRole, which is configured with the appropriate role policy and trust policy, is available for this purpose. Automatic scaling uses this IAM role to scale nodes on your behalf. You must add this role to an EMR cluster using --auto-scaling-role EMR_AutoScaling_DefaultRole. It is not added when you use --use-default-roles. For more information, see Using Automatic Scaling in Amazon EMR.

AWS managed policies are policies that are created and managed by AWS to attach to roles required by services. For more information, see Managed Policies and Inline Policies in the IAM User Guide. You can view the most up-to-date managed policies for the Amazon EMR service role and EC2 role in the Policies tab in the IAM console.