Sample policies for private subnets that access Amazon S3 - Amazon EMR

Sample policies for private subnets that access Amazon S3

For private subnets, at a minimum you must allow Amazon EMR to access the Amazon Linux repositories. This private subnet policy is part of the VPC endpoint policies for accessing Amazon S3. With Amazon EMR 5.25.0 or later, to enable one-click access to the persistent Spark history server, you must allow Amazon EMR to access the system bucket that collects Spark event logs. If you enable logging, provide PUT permissions to the aws157-logs-* bucket. For more information, see One-click access to persistent Spark History Server.

It is up to you to determine the policy restrictions that meet your business needs. The following example policy provides permissions to access the Amazon Linux repositories and the Amazon EMR system bucket for collecting Spark event logs. It shows a few sample resource names for the buckets.

For more information about using IAM policies with Amazon VPC endpoints, see Endpoint policies for Amazon S3.

The following example policy contains sample resources in the us-east-1 Region.

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AmazonLinuxAMIRepositoryAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::packages.us-east-1.amazonaws.com/*",
                "arn:aws:s3:::repo.us-east-1.amazonaws.com/",
                "arn:aws:s3:::repo.us-east-1.amazonaws.com/*"
            ]
        },
        {
            "Sid": "EnableApplicationHistory",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:Put*",
                "s3:Get*",
                "s3:Create*",
                "s3:Abort*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::prod.us-east-1.appinfo.src/*"
            ]
        }
    ]
}

The following policy provides the permissions needed to access the Amazon Linux 2 repositories. The Amazon Linux 2 AMI is the default.

{
    "Statement": [
        {
            "Sid": "AmazonLinux2AMIRepositoryAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::amazonlinux.us-east-1.amazonaws.com/*",
                "arn:aws:s3:::amazonlinux-2-repos-us-east-1/*"
            ]
        }
    ]
}
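An added example (not part of the AWS documentation): a Python check that an S3 endpoint policy covers the resources named in the two sample policies above for one Region, and that flags any Allow statement open to every bucket. The function names and the substitution of a Region into the us-east-1 bucket names are assumptions.

```python
import fnmatch

# Resource patterns from the page's us-east-1 sample policies. Substituting
# another Region is an assumption; confirm names against the Region table.
REPO_READ = [
    "arn:aws:s3:::packages.{r}.amazonaws.com/*",
    "arn:aws:s3:::repo.{r}.amazonaws.com/*",
    "arn:aws:s3:::amazonlinux.{r}.amazonaws.com/*",
    "arn:aws:s3:::amazonlinux-2-repos-{r}/*",
]
APPINFO = "arn:aws:s3:::prod.{r}.appinfo.src/*"  # Spark event log bucket

def _listify(value):
    return value if isinstance(value, list) else [value]

def _grants(stmt, action, arn):
    """True if the statement covers action on arn (wildcards * and ?)."""
    acts = [a.lower() for a in _listify(stmt.get("Action", []))]
    ress = _listify(stmt.get("Resource", []))
    return (any(fnmatch.fnmatchcase(action.lower(), a) for a in acts)
            and any(fnmatch.fnmatchcase(arn, r) for r in ress))

def audit_endpoint_policy(policy, region):
    """Return (missing, too_broad) for an S3 VPC endpoint policy document."""
    allows = [s for s in policy.get("Statement", []) if s.get("Effect") == "Allow"]
    needed = [(p.format(r=region), "s3:GetObject") for p in REPO_READ]
    needed.append((APPINFO.format(r=region), "s3:PutObject"))
    missing = []
    for pattern, action in needed:
        probe = pattern.replace("*", "constructed/object/key")
        if not any(_grants(s, action, probe) for s in allows):
            missing.append(pattern)
    # A statement open to every bucket defeats the endpoint restriction.
    too_broad = [s.get("Sid", "<no Sid>") for s in allows
                 if {"*", "arn:aws:s3:::*"} & set(_listify(s.get("Resource", [])))]
    return missing, too_broad

# Constructed input: the page's first sample policy, trimmed to the fields used.
FIRST_SAMPLE = {"Statement": [
    {"Sid": "AmazonLinuxAMIRepositoryAccess", "Effect": "Allow",
     "Action": "s3:GetObject",
     "Resource": ["arn:aws:s3:::packages.us-east-1.amazonaws.com/*",
                  "arn:aws:s3:::repo.us-east-1.amazonaws.com/*"]},
    {"Sid": "EnableApplicationHistory", "Effect": "Allow",
     "Action": ["s3:Put*", "s3:Get*", "s3:List*"],
     "Resource": ["arn:aws:s3:::prod.us-east-1.appinfo.src/*"]},
]}

print(audit_endpoint_policy(FIRST_SAMPLE, "us-east-1"))
```

Run against the first sample alone, the check reports the two Amazon Linux 2 repository resources as missing, because those are granted only by the second sample policy.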

Available Regions

The following table lists the buckets by Region, and includes both an Amazon Resource Name (ARN) for the repository and a string that represents the appinfo.src ARN. An ARN, or Amazon Resource Name, is a string that uniquely identifies an AWS resource.

| Region | Repository buckets | AppInfo bucket |
| --- | --- | --- |
| US East (Ohio) | "arn:aws:s3:::packages.us-east-2.amazonaws.com/", "arn:aws:s3:::repo.us-east-2.amazonaws.com/", "arn:aws:s3:::repo.us-east-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-east-2.appinfo.src/*" |
| US East (N. Virginia) | "arn:aws:s3:::packages.us-east-1.amazonaws.com/", "arn:aws:s3:::repo.us-east-1.amazonaws.com/", "arn:aws:s3:::repo.us-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-east-1.appinfo.src/*" |
| US West (N. California) | "arn:aws:s3:::packages.us-west-1.amazonaws.com/", "arn:aws:s3:::repo.us-west-1.amazonaws.com/", "arn:aws:s3:::repo.us-west-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-west-1.appinfo.src/*" |
| US West (Oregon) | "arn:aws:s3:::packages.us-west-2.amazonaws.com/", "arn:aws:s3:::repo.us-west-2.amazonaws.com/", "arn:aws:s3:::repo.us-west-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-west-2.appinfo.src/*" |
| Africa (Cape Town) | "arn:aws:s3:::packages.af-south-1.amazonaws.com/", "arn:aws:s3:::repo.af-south-1.amazonaws.com/", "arn:aws:s3:::repo.af-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.af-south-1.appinfo.src/*" |
| Africa (Cape Town) | "arn:aws:s3:::packages.ap-east-1.amazonaws.com/", "arn:aws:s3:::repo.ap-east-1.amazonaws.com/", "arn:aws:s3:::repo.ap-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-east-1.appinfo.src/*" |
| Asia Pacific (Hyderabad) | "arn:aws:s3:::packages.ap-south-2.amazonaws.com/", "arn:aws:s3:::repo.ap-south-2.amazonaws.com/", "arn:aws:s3:::repo.ap-south-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-south-2.appinfo.src/*" |
| Asia Pacific (Jakarta) | "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-3.appinfo.src/*" |
| Asia Pacific (Malaysia) | "arn:aws:s3:::packages.ap-southeast-5.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-5.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-5.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-5.appinfo.src/*" |
| Asia Pacific (Melbourne) | "arn:aws:s3:::packages.ap-southeast-4.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-4.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-4.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-south-2.appinfo.src/*" |
| Asia Pacific (Jakarta) | "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-4.appinfo.src/*" |
| Asia Pacific (Mumbai) | "arn:aws:s3:::packages.ap-south-1.amazonaws.com/", "arn:aws:s3:::repo.ap-south-1.amazonaws.com/", "arn:aws:s3:::repo.ap-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-south-1.appinfo.src/*" |
| Asia Pacific (Osaka-Local) | "arn:aws:s3:::packages.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-3.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-4.appinfo.src/*" |
| Asia Pacific (Seoul) | "arn:aws:s3:::packages.ap-northeast-2.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-2.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-northeast-2.appinfo.src/*" |
| Asia Pacific (Singapore) | "arn:aws:s3:::packages.ap-southeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-1.appinfo.src/*" |
| Asia Pacific (Sydney) | "arn:aws:s3:::packages.ap-southeast-2.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-2.amazonaws.com/", "arn:aws:s3:::repo.ap-southeast-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-southeast-2.appinfo.src/*" |
| Asia Pacific (Tokyo) | "arn:aws:s3:::packages.ap-northeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-northeast-1.appinfo.src/*" |
| Canada (Central) | "arn:aws:s3:::packages.ca-central-1.amazonaws.com/", "arn:aws:s3:::repo.ca-central-1.amazonaws.com/", "arn:aws:s3:::repo.ca-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ca-central-1.appinfo.src/*" |
| Canada West (Calgary) | "arn:aws:s3:::packages.ap-northeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-1.amazonaws.com/", "arn:aws:s3:::repo.ap-northeast-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.ap-northeast-1.appinfo.src/*" |
| Europe (Frankfurt) | "arn:aws:s3:::packages.eu-central-1.amazonaws.com/", "arn:aws:s3:::repo.eu-central-1.amazonaws.com/", "arn:aws:s3:::repo.eu-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-central-1.appinfo.src/*" |
| Europe (Ireland) | "arn:aws:s3:::packages.eu-west-1.amazonaws.com/", "arn:aws:s3:::repo.eu-west-1.amazonaws.com/", "arn:aws:s3:::repo.eu-west-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-west-1.appinfo.src/*" |
| Europe (London) | "arn:aws:s3:::packages.eu-west-2.amazonaws.com/", "arn:aws:s3:::repo.eu-west-2.amazonaws.com/", "arn:aws:s3:::repo.eu-west-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-west-2.appinfo.src/*" |
| Europe (Milan) | "arn:aws:s3:::packages.eu-south-1.amazonaws.com/", "arn:aws:s3:::repo.eu-south-1.amazonaws.com/", "arn:aws:s3:::repo.eu-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-south-1.appinfo.src/*" |
| Europe (Paris) | "arn:aws:s3:::packages.eu-west-3.amazonaws.com/", "arn:aws:s3:::repo.eu-west-3.amazonaws.com/", "arn:aws:s3:::repo.eu-west-3.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-west-3.appinfo.src/*" |
| Europe (Spain) | "arn:aws:s3:::packages.eu-south-2.amazonaws.com/", "arn:aws:s3:::repo.eu-south-2.amazonaws.com/", "arn:aws:s3:::repo.eu-south-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-south-2.appinfo.src/*" |
| Europe (Stockholm) | "arn:aws:s3:::packages.eu-north-1.amazonaws.com/", "arn:aws:s3:::repo.eu-north-1.amazonaws.com/", "arn:aws:s3:::repo.eu-north-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-north-1.appinfo.src/*" |
| Europe (Zurich) | "arn:aws:s3:::packages.eu-central-2.amazonaws.com/", "arn:aws:s3:::repo.eu-central-2.amazonaws.com/", "arn:aws:s3:::repo.eu-central-2.emr.amazonaws.com/*" | "arn:aws:s3:::prod.eu-central-2.appinfo.src/*" |
| Israel (Tel Aviv) | "arn:aws:s3:::packages.il-central-1.amazonaws.com/", "arn:aws:s3:::repo.il-central-1.amazonaws.com/", "arn:aws:s3:::repo.il-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.il-central-1.appinfo.src/*" |
| Middle East (Bahrain) | "arn:aws:s3:::packages.me-south-1.amazonaws.com/", "arn:aws:s3:::repo.me-south-1.amazonaws.com/", "arn:aws:s3:::repo.me-south-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.me-south-1.appinfo.src/*" |
| Middle East (UAE) | "arn:aws:s3:::packages.me-central-1.amazonaws.com/", "arn:aws:s3:::repo.me-central-1.amazonaws.com/", "arn:aws:s3:::repo.me-central-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.me-central-1.appinfo.src/*" |
| South America (São Paulo) | "arn:aws:s3:::packages.sa-east-1.amazonaws.com/", "arn:aws:s3:::repo.sa-east-1.amazonaws.com/", "arn:aws:s3:::repo.sa-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.sa-east-1.appinfo.src/*" |
| AWS GovCloud (US-East) | "arn:aws:s3:::packages.us-gov-east-1.amazonaws.com/", "arn:aws:s3:::repo.us-gov-east-1.amazonaws.com/", "arn:aws:s3:::repo.us-gov-east-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.us-gov-east-1.appinfo.src/*" |
| AWS GovCloud (US-West) | "arn:aws:s3:::packages.us-gov-west-1.amazonaws.com/", "arn:aws:s3:::repo.us-gov-west-1.amazonaws.com/", "arn:aws:s3:::repo.us-gov-west-1.emr.amazonaws.com/*" | "arn:aws:s3:::prod.me-south-1.appinfo.src/*" |