Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
Politiche di esempio per sottoreti private che accedono ad Amazon S3
Per le sottoreti private, devi offrire ad Amazon EMR almeno la possibilità di accedere ai repository Amazon Linux. Questa policy della sottorete privata fa parte delle policy endpoint VPC per accedere ad Amazon S3.
Con Amazon EMR 5.25.0 o versioni successive, per abilitare l'accesso con un clic a Spark History Server persistente, devi consentire ad Amazon EMR di accedere al bucket di sistema che raccoglie i log di eventi Spark. Se abiliti la registrazione, fornisci le autorizzazioni PUT al seguente bucket:
aws157-logs-${AWS::Region}/*
Per ulteriori informazioni, consulta Accesso con un clic a Spark History Server persistente.
Spetta a te determinare le restrizioni della policy che soddisfano le esigenze aziendali. La seguente policy di esempio fornisce le autorizzazioni per accedere ai repository Amazon Linux e al bucket di sistema Amazon EMR per la raccolta dei log di eventi Spark. Mostra alcuni esempi di nomi di risorse per i bucket.
Per ulteriori informazioni sull'utilizzo delle policy IAM con gli endpoint Amazon VPC, consulta Policy dell'endpoint per Amazon S3.
Il seguente esempio di policy contiene risorse di esempio nella regione us-east-1.
{ "Version": "2008-10-17", "Statement": [ { "Sid": "AmazonLinuxAMIRepositoryAccess", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": [ "arn:aws:s3:::packages.us-east-1.amazonaws.com/*", "arn:aws:s3:::repo.us-east-1.amazonaws.com/", "arn:aws:s3:::repo.us-east-1.amazonaws.com/*" ] }, { "Sid": "EnableApplicationHistory", "Effect": "Allow", "Principal": "*", "Action": [ "s3:Put*", "s3:Get*", "s3:Create*", "s3:Abort*", "s3:List*" ], "Resource": [ "arn:aws:s3:::prod.us-east-1.appinfo.src/*" ] } ] }
La policy di seguito fornisce le autorizzazioni necessarie per accedere ai repository Amazon Linux 2. L'AMI Amazon Linux 2 è l'impostazione predefinita.
{ "Statement": [ { "Sid": "AmazonLinux2AMIRepositoryAccess", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": [ "arn:aws:s3:::amazonlinux.us-east-1.amazonaws.com/*", "arn:aws:s3:::amazonlinux-2-repos-us-east-1/*" ] } ] }
Regioni disponibili
La tabella seguente contiene un elenco di bucket per regione e include sia un Amazon Resource Name (ARN) per il repository sia una stringa che rappresenta l'ARN per. appinfo.src L'ARN, o Amazon Resource Name, è una stringa che identifica in modo univoco una risorsa. AWS
| Regione | Bucket di repository | AppInfo secchio |
|---|---|---|
| Stati Uniti orientali (Ohio) | «arn:aws:s3::: packages.us-east-2.amazonaws.com/», "arn:aws:s3::: repo.us-east-2.amazonaws.com/», "arn:aws:s3: ::repo.us-east-2.emr.amazonaws.com/*» | «arn:aws:s3: :prod.us-east-2.appinfo.src/*» |
| Stati Uniti orientali (Virginia settentrionale) | «arn:aws:s3::: packages.us-east-1.amazonaws.com/», "arn:aws:s3::: repo.us-east-1.amazonaws.com/», "arn:aws:s3: ::repo.us-east-1.emr.amazonaws.com/*» | «arn:aws:s3: :prod.us-east-1.appinfo.src/*» |
| Stati Uniti occidentali (California settentrionale) | «arn:aws:s3::: packages.us-west-1.amazonaws.com/», "arn:aws:s3::: repo.us-west-1.amazonaws.com/», "arn:aws:s3: ::repo.us-west-1.emr.amazonaws.com/*» | «arn:aws:s3: :prod.us-west-1.appinfo.src/*» |
| Stati Uniti occidentali (Oregon) | «arn:aws:s3::: packages.us-west-2.amazonaws.com/», "arn:aws:s3::: repo.us-west-2.amazonaws.com/», "arn:aws:s3: ::repo.us-west-2.emr.amazonaws.com/*» | «arn:aws:s3: :prod.us-west-2.appinfo.src/*» |
| Africa (Città del Capo) | «arn:aws:s3::: packages.af-south-1.amazonaws.com/», "arn:aws:s3::: repo.af-south-1.amazonaws.com/», "arn:aws:s3: ::repo.af-south-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.af-south-1.appinfo.src/*» |
| Africa (Città del Capo) | «arn:aws:s3::: packages.ap-east-1.amazonaws.com/», "arn:aws:s3::: repo.ap-east-1.amazonaws.com/», "arn:aws:s3: ::repo.ap-east-1.emr.amazonaws.com/*» | «arn:aws:s3: :prod.ap-east-1.appinfo.src/*» |
| Asia Pacific (Hyderabad) | «arn:aws:s3::: packages.ap-south-2.amazonaws.com/», "arn:aws:s3::: repo.ap-south-2.amazonaws.com/», "arn:aws:s3: ::repo.ap-south-2.emr.amazonaws.com/*» | «arn:aws:s3: :prod.ap-south-2.appinfo.src/*» |
| Asia Pacifico (Giacarta) | «arn:aws:s3::: packages.ap-southeast-3.amazonaws.com/», "arn:aws:s3::: repo.ap-southeast-3.amazonaws.com/», "arn:aws:s3: ::repo.ap-southeast-3.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ap-southeast-3.appinfo.src/*» |
| Asia Pacifico (Malesia) | «arn:aws:s3::: packages.ap-southeast-5.amazonaws.com/», "arn:aws:s3::: repo.ap-southeast-5.amazonaws.com/», "arn:aws:s3: ::repo.ap-southeast-5.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ap-southeast-5.appinfo.src/*» |
| Asia Pacifico (Melbourne) | «arn:aws:s3::: packages.ap-southeast-4.amazonaws.com/», "arn:aws:s3::: repo.ap-southeast-4.amazonaws.com/», "arn:aws:s3: ::repo.ap-southeast-4.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ap-south-2.appinfo.src/*» |
| Asia Pacifico (Giacarta) | «arn:aws:s3::: packages.ap-southeast-3.amazonaws.com/», "arn:aws:s3::: repo.ap-southeast-3.amazonaws.com/», "arn:aws:s3: ::repo.ap-southeast-3.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ap-southeast-4.appinfo.src/*» |
| Asia Pacifico (Mumbai) | «arn:aws:s3::: packages.ap-south-1.amazonaws.com/», "arn:aws:s3::: repo.ap-south-1.amazonaws.com/», "arn:aws:s3: ::repo.ap-south-1.emr.amazonaws.com/*» | «arn:aws:s3: :prod.ap-south-1.appinfo.src/*» |
| Asia Pacifico (Osaka-Locale) | «arn:aws:s3::: packages.ap-southeast-3.amazonaws.com/», "arn:aws:s3::: repo.ap-southeast-3.amazonaws.com/», "arn:aws:s3: ::repo.ap-southeast-3.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ap-southeast-4.appinfo.src/*» |
| Asia Pacifico (Seoul) | «arn:aws:s3::: packages.ap-northeast-2.amazonaws.com/», "arn:aws:s3::: repo.ap-northeast-2.amazonaws.com/», "arn:aws:s3: ::repo.ap-northeast-2.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ap-northeast-2.appinfo.src/*» |
| Asia Pacifico (Singapore) | «arn:aws:s3::: packages.ap-southeast-1.amazonaws.com/», "arn:aws:s3::: repo.ap-southeast-1.amazonaws.com/», "arn:aws:s3: ::repo.ap-southeast-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ap-southeast-1.appinfo.src/*» |
| Asia Pacifico (Sydney) | «arn:aws:s3::: packages.ap-southeast-2.amazonaws.com/», "arn:aws:s3::: repo.ap-southeast-2.amazonaws.com/», "arn:aws:s3: ::repo.ap-southeast-2.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ap-southeast-2.appinfo.src/*» |
| Asia Pacifico (Tokyo) | «arn:aws:s3::: packages.ap-northeast-1.amazonaws.com/», "arn:aws:s3::: repo.ap-northeast-1.amazonaws.com/», "arn:aws:s3: ::repo.ap-northeast-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ap-northeast-1.appinfo.src/*» |
| Canada (Centrale) | «arn:aws:s3::: packages.ca-central-1.amazonaws.com/», "arn:aws:s3::: repo.ca-central-1.amazonaws.com/», "arn:aws:s3: ::repo.ca-central-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ca-central-1.appinfo.src/*» |
| Canada occidentale (Calgary) | «arn:aws:s3::: packages.ap-northeast-1.amazonaws.com/», "arn:aws:s3::: repo.ap-northeast-1.amazonaws.com/», "arn:aws:s3: ::repo.ap-northeast-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.ap-northeast-1.appinfo.src/*» |
| Europa (Francoforte) | «arn:aws:s3::: packages.eu-central-1.amazonaws.com/», "arn:aws:s3::: repo.eu-central-1.amazonaws.com/», "arn:aws:s3: ::repo.eu-central-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.eu-central-1.appinfo.src/*» |
| Europa (Irlanda) | «arn:aws:s3::: packages.eu-west-1.amazonaws.com/», "arn:aws:s3::: repo.eu-west-1.amazonaws.com/», "arn:aws:s3: ::repo.eu-west-1.emr.amazonaws.com/*» | «arn:aws:s3: :prod.eu-west-1.appinfo.src/*» |
| Europa (Londra) | «arn:aws:s3::: packages.eu-west-2.amazonaws.com/», "arn:aws:s3::: repo.eu-west-2.amazonaws.com/», "arn:aws:s3: ::repo.eu-west-2.emr.amazonaws.com/*» | «arn:aws:s3: :prod.eu-west-2.appinfo.src/*» |
| Europa (Milano) | «arn:aws:s3::: packages.eu-south-1.amazonaws.com/», "arn:aws:s3::: repo.eu-south-1.amazonaws.com/», "arn:aws:s3: ::repo.eu-south-1.emr.amazonaws.com/*» | «arn:aws:s3: :prod.eu-south-1.appinfo.src/*» |
| Europa (Parigi) | «arn:aws:s3::: packages.eu-west-3.amazonaws.com/», "arn:aws:s3::: repo.eu-west-3.amazonaws.com/», "arn:aws:s3: ::repo.eu-west-3.emr.amazonaws.com/*» | «arn:aws:s3: :prod.eu-west-3.appinfo.src/*» |
| Europa (Spagna) | «arn:aws:s3::: packages.eu-south-2.amazonaws.com/», "arn:aws:s3::: repo.eu-south-2.amazonaws.com/», "arn:aws:s3: ::repo.eu-south-2.emr.amazonaws.com/*» | «arn:aws:s3: :prod.eu-south-2.appinfo.src/*» |
| Europa (Stoccolma) | «arn:aws:s3::: packages.eu-north-1.amazonaws.com/», "arn:aws:s3::: repo.eu-north-1.amazonaws.com/», "arn:aws:s3: ::repo.eu-north-1.emr.amazonaws.com/*» | «arn:aws:s3: :prod.eu-north-1.appinfo.src/*» |
| Europa (Zurigo) | «arn:aws:s3::: packages.eu-central-2.amazonaws.com/», "arn:aws:s3::: repo.eu-central-2.amazonaws.com/», "arn:aws:s3: ::repo.eu-central-2.emr.amazonaws.com/*» | «arn:aws:s3: :prod.eu-central-2.appinfo.src/*» |
| Israele (Tel Aviv) | «arn:aws:s3::: packages.il-central-1.amazonaws.com/», "arn:aws:s3::: repo.il-central-1.amazonaws.com/», "arn:aws:s3: ::repo.il-central-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.il-central-1.appinfo.src/*» |
| Medio Oriente (Bahrein) | «arn:aws:s3::: packages.me-south-1.amazonaws.com/», "arn:aws:s3::: repo.me-south-1.amazonaws.com/», "arn:aws:s3: ::repo.me-south-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.me-south-1.appinfo.src/*» |
| Medio Oriente (Emirati Arabi Uniti) | «arn:aws:s3::: packages.me-central-1.amazonaws.com/», "arn:aws:s3::: repo.me-central-1.amazonaws.com/», "arn:aws:s3: ::repo.me-central-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.me-central-1.appinfo.src/*» |
| Sud America (San Paolo) | «arn:aws:s3::: packages.sa-east-1.amazonaws.com/», "arn:aws:s3::: repo.sa-east-1.amazonaws.com/», "arn:aws:s3: ::repo.sa-east-1.emr.amazonaws.com/*» | «arn:aws:s3: ::prod.sa-east-1.appinfo.src/*» |
| AWS GovCloud (Stati Uniti orientali) | «arn:aws:s3: :pacchetti. us-gov-east-1.amazonaws.com/», "arn:aws:s3: ::repo. us-gov-east-1.amazonaws.com/», "arn:aws:s3: ::repo. us-gov-east-1.emr.amazonaws.com/*» | «arn:aws:s3: :prod. us-gov-east-1.appinfo.src/*» |
| AWS GovCloud (Stati Uniti occidentali) | «arn:aws:s3: :pacchetti. us-gov-west-1.amazonaws.com/», "arn:aws:s3: ::repo. us-gov-west-1.amazonaws.com/», "arn:aws:s3: ::repo. us-gov-west-1.emr.amazonaws.com/*» | «arn:aws:s3: :prod.me-south-1.appinfo.src/*» |
